GigaOm Radar for Deception Technology v2.0

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take
  7. About Chris Ray

1. Summary

The prevalence of malicious actors in the digital world has created a dynamic that compels cybersecurity defenses to adapt constantly. Attackers often zag as soon as defenders zig, making it hard for defenders to detect threats. To combat this problem, organizations have been turning to deception technology.

Deception technology allows cybersecurity teams to craft traps and gather valuable information about attacker techniques and behaviors. This information can then be used to make decisions that effectively protect the network even in the face of changing attacker methods. Deception technology has become an essential tool for organizations looking to stay one step ahead of malicious actors.

Historically, two main methods have enabled deception tech: honeypots and sandboxes. A honeypot is a digital trap that imitates an actual device on the network, with the idea of luring malicious actors into revealing themselves. Sandboxes, on the other hand, are virtual environments that restrict the activities of malware and allow post-exploitation analysis of malicious code without endangering the organization. By using these techniques together, security teams have been able to create deceptive traps that alert them when suspicious behavior is detected, allowing them to safely detect and analyze malware threats before they cause any damage.

Today, the term “deception technology” has taken on a much broader meaning. Legacy deception tech focused only on creating infrastructure that resembled Linux or Windows servers, but this is no longer effective in the ever-evolving threat landscape. With cloud infrastructures, software-defined networks, and work-from-anywhere becoming increasingly popular, modern networks have no periphery to protect. This means that innovative methods must be used to maintain security. Such methods include mapping to security frameworks such as MITRE ATT&CK or SHIELD, low-code/no-code features for simple customization of deception tactics, and using bait or lures for agentless detection technology.

This GigaOm Radar report highlights key deception technology vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Deception Technology Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.