Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Chris Ray
- About GigaOm
- Copyright
1. Summary
Attacker techniques and behaviors are constantly evolving. As cyber security defenses zig, attackers zag. This dynamic creates an environment wherein what has worked in the past to detect malicious actions most likely won’t work today or in the future. Deception Technology (DT) tackles this quandary head-on, enabling defenders to set traps for attackers and gather valuable information to make better decisions.
Historically, DT might be either a honeypot or a sandbox. A honeypot is a trap that emulates a real device on the network, while a sandbox is a virtual environment meant to restrict the activities of malware and allow analysis of the malware post-exploitation, without endangering the organization.
Today, DT is described in much broader terms. Legacy DT attempted to emulate typical on-premises infrastructure like Linux and Windows hosts; however, this tactic alone is no longer enough. Modern organizations that have no perimeter or physical data centers must go beyond simply emulating popular operating systems. The growth of various elements, like cloud, SDN, and remote workers, and the need for forensic analyses of attacker techniques, have driven the evolution of DT. It now includes features like mapping to the MITRE ATT&CK or SHIELD frameworks, low-code/no-code customization, and leveraging bait or lures for agentless deception.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
- Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
- GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
- Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.