Interest in deception technology is growing because it can play a valuable role in improving intrusion detection, says Anton Chuvakin, a research vice president at Gartner.
The technology is "a bit of a niche," Chuvakin says in an interview with Information Security Media Group. "It isn't something that's going to be adopted at the same scale as anti-virus and firewalls or even log analysis or SIEM. But it's a growing niche with a lot of very avid fans."
Some organizations see deception technology as an alternative to analyzing big data to identify threats. And it can play an important role in detecting intruders' lateral movements, he says.
"Deception gives us a very crisp signal ... with low noise ... for detecting lateral movement by an attacker, and that's where it shines," Chuvakin says.
In the interview, Chuvakin discusses:
- The role machine learning plays in deception technology;
- How deception technology can help in the fight against ransomware;
- What special skills are needed to roll out the most advanced applications of deception technology.
Chuvakin is a research vice president at Gartner's technical professionals security and risk management group. Previously, he worked as chief logging evangelist at LogLogic, director of PCI compliance solutions at Qualys and as a security strategist at netForensics. He writes the blog "Security Warrior" and is an author of the book by the same name, as well as the book "PCI Compliance." He also was a contributor to "Know Your Enemy II," "Information Security Management Handbook" and other books. He has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management.