Summary: The NCSC’s cyber deception trials assessed whether defensive techniques like honeypots can help improve detection, observability, and threat hunting in real-world environments. Through the Active Cyber Defence 2.0 programme, the NCSC worked with 121 UK organizations and 14 commercial providers of cyber deception solutions, conducting 10 product trials across different environments, from cloud deployments to operational technology. The trials tested three core assumptions:
- Cyber deception can help uncover hidden compromises already inside networks.
- Cyber deception can help detect new attacks as they happen.
- Cyber deception can change how attackers behave if they know cyber deception is in play.
The results showed that cyber deception can be effective, particularly for identifying novel threats and increasing visibility in many systems, including legacy or niche systems. However, the NCSC states that the effectiveness of cyber deception depends on having the right data and context. Without a clear strategy, deception tools risk generating noise rather than insight. The trials also highlighted confusion around terminology. Vocabulary across the industry is often inconsistent, making it difficult for organizations to understand what is being offered or what they are trying to achieve. Furthermore, 90 percent of trial participants preferred to keep their use of deception covert to avoid tipping off attackers. However, research shows that openly signaling deception can undermine attackers’ confidence and disrupt their operations.
Overall, the NCSC found strong interest in cyber deception but a clear gap in guidance, with many organizations unsure where to start or needing reassurance that the products they’re using are effective and safe. The misconfiguration and poor maintenance of deception tools were identified as risks, highlighting the need for ongoing management rather than one-time deployment. Looking ahead, the NCSC sees a compelling case for wider adoption of cyber deception, not only for detection and intelligence but also for imposing cost on adversaries by wasting their time, disrupting their workflows, and increasing uncertainty.
Link(s): https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far