Cyber Threat Detection
Description
Cyber deception is a proactive cybersecurity strategy that involves creating a network of deceptive elements, such as decoys to mislead and divert potential attackers. By strategically deploying these deceptive artifacts across an organization’s network, cyber deception aims to confuse attackers and delay their progress.
Detailed example
When attackers engage with the deceptions, they reveal their presence and tactics, allowing security teams to detect, analyze, and respond to threats in real time. This proactive approach not only reduces the time attackers spend within the network but also provides valuable insights into their tactics, techniques, and procedures (TTPs).
AI / analytics pattern
Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.
Automation level / stage
a) Pre-deployment – The use case is in a development or acquisition status.
Expected benefit
Cyber deception is used alongside other cybersecurity measures to enhance overall security posture. Cyber deception not only enhances threat detection but also provides valuable insights into attacker behavior, aiding in the development of more effective defense strategies and minimizing the risk of successful cyberattacks. Cyber deception technology plays a crucial role in enhancing cybersecurity defenses by enabling organizations to detect threats faster and decrease attacker dwell time.
Controls / human review
ATO: Not reported; PIA: Not published