As the very name of the technology implies, the deception trap must be able to deceive the attacker by mimicking real networks, servers, user data etc.

Triggering an attack alert is not enough, it should be able to provide details about the attacker. The software must be able to provide a `photograph` of the attacker so that necessary security actions can be taken. Finally, it should be easily manageable such as integration to existing security management issues. Otherwise, its management becomes a burden for the cyber security personnel.

Almost every industry can benefit from deception technology software. Typical usage areas of deception technology include financial services, healthcare services and retail where there is a significant of personal data.

In financial services typical use cases are:

• Legacy or custom systems where customer data is stored
• Money transfer services
• Cyber risks during M&A or disruptive business or system changes

In healthcare typical use cases are:

• Systems where patient data is stored
• Medical devices that are used in diagnosis and treatment
• Cyber risks during M&A or disruptive business or system changes

In retail typical use cases are:

• Point-of-sale security
• Legacy or custom systems where transaction data is stored
• Cyber risks during M&A or disruptive business or system changes

Additional developing uses cases include smart home and IoT applications, where devices are not protected by a corporate firewall.

Deception software is installed with the aim of detecting cyberattacks that managed to pass through preventive cyber security tools such as firewalls.

Basic requirement is ability to detect and report the attack very quickly and in detail, so that the necessary actions can be taken promptly. Also, as attacks get more and more sophisticated, the software must be dynamically updated by the vendor. This must be a standard feature in the purchase package. It is also important to have sector-specific applications.

Before purchase, a test and trial period is highly recommended. During this period, number and seriousness of the breaches detected must be observed. It is also necessary to compare potential damage of these breaches versus setup and maintenance cost of the deception software.

Detection software is a `defense in the depth` tool against cyberattacks. Also, it is very `efficient` since it gives alerts when there is certainly an infiltrated attack. It brings operational burden only when there is a real problem to deal with.

Deception tech detects intruders, therefore it creates more actionable alerts than alerts of security tools such as firewalls.

Typical firewall security measures try to detect the attackers while they attempt to breach the network attack surface. Detection software activates after the breach occurs. Since they deal with end points, firewalls generate many alerts since normal network usage can be mistaken as attempts to breach the network. Major enterprises might have millions of alerts every day. On the other hand, detection software generates an alert when there is certainly a breach. Thus, it triggers a specific action for the cyber security personnel.

Deception technology software is not designed to be a first-line defense against cyberattacks. Its aim is not to avoid infiltrations. Rather, it does its job when there is an infiltration and attackers start to roam in the attacked system. It is not a stand-alone cyber security solution; it complements the existing prevention tools.

Work of deception technology begins after a cyberattack manages to infiltrate a network. The technology generates `traps` that mimics real technology assets, networks etc. These traps are designed to trick the attacker that s/he has discovered a way to access and steal information. When the attacker starts to interact with this trap, deception technology software informs a central a deception server or general cyber security server about the attack.

Interest in deception software is increasing constantly. Currently, several Forbes 1000 firms from financial services, healthcare and utility industries as well as governmental institutions use deception tools. The technology is also gaining traction in smaller size firms. Its importance is increasing as an essential item in the cyber security arsenal. According to a research firm Technavio's report, deception technology software market will grow 9% annually and reach $1.3 billion in 2020.

Although firewalls getting better every day, attackers always find a way to infiltrate the systems. Recent examples show that attacks become more sophisticated. In 2018, cyberattacks exposed 2.8 billion user records and cost businesses $654 billion in the USA alone. There is no practical way to achieve zero infiltration. Once the attacker breaches the defenses, it can roam freely in the network for several days. According to cybersecurity firm FireEye, average dwell time is a staggering 99 days.

Thus, it is necessary to detect successful attackers once they start to roam in your network. Detection software complements typical firewall solutions in this sense.