How to choose a deception vendor

When shopping around for cybersecurity vendors, it can be hard to determine which vendor is right for your organization. This is especially true with deception, a sector that is still growing and developing rapidly. Each deception provider has its own approach, but the end goal of detecting and halting threat actors remains the same.

So how do you figure out which threat intel solution and deception vendor is right for you?

One consideration may be budget, which is relatively straightforward. Another may be finding out who your competitors use. But in a sector where clients don’t want to be identified, how can you know if your vendor is working with companies like yours? How can you tell which vendor is serving the top organizations?

The first thing we advise when CISOs and other security managers are seeking a new solution is to take stock of their goals. Knowing how your team will make use of the intelligence provided by deception technology can help determine which provider is the best match for you.

Read on to find out:

  • What questions to ask a cyber deception sales team before you commit to a solution
  • The questions your service providers might be afraid you will ask
  • How to avoid making a big investment that won’t improve the security posture of your organization

Asking the right questions can help you avoid the operational and reputational risk that comes with big data breaches. Read on for a helpful guide on the most important questions to ask.

How realistic are the decoys and environments the deception platform deploys?

When it comes to deception, believability is the most important indicator of effectiveness. The longer you can keep the bad guy occupied, the more information you can gather about them. Decoys should look and feel like real production assets; otherwise, skilled attackers will not be fooled. Emulated systems just aren’t effective enough. We believe in using real IT to make deception decoys and environments ultra-realistic.

Does the solution work both pre- and post-breach?

Many deception vendors focus on detecting threats once they have entered the network. While that is a must, wouldn’t it be even better to detect attackers while they are still in the pre-breach, scouting phase? A deception solution that detects actors operating outside your organization means you can shift to the risk response way down the kill chain. Ideally, a deception solution will be able to provide threat intel on an attack before the attack has even taken place, giving you time to react and strengthen your network.

Can I integrate it with my systems/software/workflow?

This is a critical issue. Whatever threat intel product you decide to use, it must integrate with your systems and workflow. Look for a deception solution that allows you to add the data gathered to your SIEM, an Excel spreadsheet, or any other application or format your team uses. You should be able to gather the info and easily share it with your team.
