GigaOm Key Criteria for Evaluating Deception Technology Solutionsv3.0

1. Executive Summary

Attacker techniques and behaviors are constantly evolving. As cybersecurity vendors zig, attackers zag. This creates an environment where what worked in the past to detect malicious actions may not work today and almost certainly won’t work in the future. Organizations, therefore, need security tools that can evolve as quickly as attackers do, and perhaps even anticipate some malicious behavior and take proactive measures. Deception technology (DT) tackles this challenge head on and enables defenders to set traps for attackers, providing defenders with valuable information about attacker behavior so they can make more informed decisions.

Early examples of DT were emulations of a Linux or Windows host. These were called honeypots, and although they are still deployed with good practical results today, they have quite different capabilities than when they were first launched 30 years ago. With infrastructure as a service (IaaS) and DevOps practices using infrastructure as code (IaC), organizations have had to evolve their use of DT to meet the demands of modern enterprises.

Today, DT is more comprehensive. No longer do organizations rely solely on physical data centers and perimeters to protect their networks. Cloud computing, software-defined networking (SDN), remote workers, and on-premises technologies are leveraged to create a robust defense system that emulates and tracks activity across different areas of real networks. By incorporating these advanced technologies with other security methods, such as zero-trust technologies, organizations can take advantage of the benefits DT tools bring without compromising the safety of their networks.

Modern DT is integrative in nature, bridging the gap between existing detection-focused technologies like endpoint detection and response (EDR) and the security information and event management (SIEM) solutions on which security teams base much of their workflows. Because SIEM detection capabilities are directly correlated with the quality of telemetry fed into the solution, SIEM solutions will always be limited by upstream telemetry sources. For organizations seeking the earliest possible detection, DT will be appealing.

Business Imperative
Incorporating enhanced DT should no longer be viewed as an optional component of an organization’s cybersecurity strategy—it is becoming a business imperative. From a CxO’s perspective, the organization needs to adopt advanced DT solutions to maintain operational integrity and protect corporate assets. CIOs and CTOs understand that a breach can result in significant financial loss, damage to customer trust, and long-term harm to the company’s reputation. CISOs in particular are aware that increasingly, traditional security measures are insufficient against sophisticated cyberthreats.

By implementing modern DT solutions, an organization can proactively defend its network by deceiving and engaging attackers, gaining critical time to respond, and learning from intrusions to fortify defenses. This is not simply about technology—it’s about safeguarding the company’s future. The insights gained from DT can guide strategic decisions, inform risk management, and drive security investments that align with the business’s vision and objectives. For CxOs, prioritizing DT integration reinforces a commitment to resilience and displays thought leadership in cybersecurity, positioning the company as a forward-thinking entity in a landscape plagued by ever-evolving dangers.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a DT deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of DT, we provide an overall Sector Adoption Score (Figure 1) of 3.6 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a DT solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for deception technology are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption Score for Deception Technology

This is the third year that GigaOm has reported on the deception technology space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective deception technology solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading deception technology offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.