When it comes to threat detection, distributed deception is still the most effective option available for trapping in-network attackers. High-interaction decoys remain valuable, however, mainly for threat hunting, intelligence and research, with the long-term ability to learn an attacker’s methods, targets, tools and techniques. These decoys are live, network-attached operating systems set up to mimic real assets to lure an attacker into full engagement.
Security teams may also be looking for advanced destination-based forensics and hunting TTPs when analyzing incidents on attack campaigns targeting sensitive production systems, which are prone to targeted attacks or might draw a lot of attention from blackhats. Having managed high-interaction decoys mimicking such sensitive production systems, in addition to relevant breadcrumbs, across all hosts lures attackers into full engagement. ...read more!
