This website uses cookies

Read our Privacy policy and Terms of use for more information.

If you’re serious about detecting threat actors in your network BEFORE they do real harm, you need this.

Ethical Threat Insights: Deception, the best ROI in Security

There is a misconception that more security alerts == safer environment.

That’s so not true

Better alerts == more actionable evidence.

That means you’re responding to what matters most, not when your server goes haywire because of a benign scheduled task.

Out of the box EDR is a false positive mess. Because of that SOC teams end up sending you alerts that have been generated without context.

It’s just a single alert in a sea of event logs and noise.

There’s a better way to catch threat actors. That’s with deception.

Deception is the best ROI in security because:

  1. It’s inexpensive (especially compared to “traditional” security products: EDR, Email Gateways, Firewalls, etc.)

  2. It can be deployed places traditional security cannot (ICS networks, slack, ticketing systems, sharepoint, file shares, web sites, aws, github, entra, etc.)

Most security tools nowadays spit out hundreds of alerts daily, if not more.

That’s costing someone time and resources to triage.

What we really need is the alerts have to be:

  • Accurate

  • Actionable

Otherwise, you’re spending money just to be distracted.

Too many IT teams are sleeping on deception because they don't see the "ROI."

The ROI is in the data and telemetry. It's the high-fidelity, low false positive nature of it that makes it so useful.

So what if you go 364 days without an alert from it.

That 1 time when you do get an alert is WAY MORE meaningful than all those false positives your EDR generates.

Lastly, there was a study done that indicated that even announcing or letting attackers discover the presence of deception may be enough to alter their behaviors in your environment.

What that means is they make change up their tactics, perform more actions, make mistakes, get caught which affords you the ability to kick their tail right out of your network

If you need more convincing or just want to learn how to make hackers hate their lives if they are to ever land in your environment, check out the recording of my recent deception webinar.

All the best
Spencer Alessi

PS - if you want to deploy deception in your environment but don’t know where to start, reply to this email and I’ll help you get started.

Keep Reading