Deepen Desai, CSO and head of security research at Zscaler, compares deception operations to motion detectors. “If I were to draw an analogy, you have locks, keys, and doors to protect your house from bad guys getting in. But when bad guys get in, whether they’re pretending to be the good guys or they’re already inside, it’s the motion sensors that you tactically place at spots in the house that are not easily visible but raise the alarm when someone is at a place where you don’t expect them to be.”
Realism is critical to the success of deception
A critical component of deception technology is the creation of assets that criminals and other threat actors believe are real, at least for a while, lest they quickly exit or avoid them altogether, which would render the deception operation useless. “You’re not going to be able to do it perfectly because you’re going to always leave some sort of weird footprint, a little flag,” Handorf tells CSO.
Getting the details right for highly elaborate deception operations is particularly important. Assets that appear fake, such as 1,000 computers all unrealistically built precisely the same way, “tip off the adversary that it’s not a real deception,” Handorf says. “Something about the host isn’t exactly right. It’s too symmetrical. In movies, people walk in, and they are like, ‘Wait, there’s something about this room that just doesn’t feel right. It’s way too convenient,’ and then, all the cops show up.”