Assessing the Relevance of Deception Technologies in Modern Cybersecurity Environments

avoin
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
Lataukset9

Verkkojulkaisu

DOI

Tiivistelmä

This thesis examines the relevance, adoption, and operational positioning of deception technologies in modern cybersecurity environments. As threat actors become increasingly adaptive and capable of blending malicious activity with legitimate system behaviour, traditional defensive approaches based primarily on detection and response face growing challenges. The purpose of this study is to examine where deception technologies fit within contemporary cybersecurity architectures and how they complement existing defensive controls. The theoretical section reviews deception technologies, threat actor behaviour, traditional security controls, and emerging adaptive approaches to cyber deception. Particular attention is given to the relationship between deception technologies and existing capabilities such as Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms. The empirical component of the study was conducted through a questionnaire distributed to experienced cybersecurity practitioners. A total of 47 survey invitations were issued, resulting in nine completed responses. Although the response rate was limited, the respondent group consisted of highly experienced cybersecurity practitioners representing a variety of professional backgrounds and operational environments. The findings indicate that deception technologies are generally regarded as relevant within modern cybersecurity environments. Respondents most frequently associated deception with early compromise detection, adversary behaviour analysis, lateral movement visibility, and the reduction of uncertainty during security investigations. At the same time, deception technologies were primarily viewed as complementary capabilities rather than replacements for traditional security controls. The results also highlighted the importance of integration, governance, operational complexity, and organizational maturity in determining the successful adoption of deception technologies. The study concludes that deception technologies have progressed beyond purely experimental concepts and are increasingly recognized as a valuable component of layered cybersecurity architectures. However, their practical value depends less on technical feasibility and more on effective integration, operationalization, and governance within existing security environments. The findings further suggest that the primary challenge facing deception technologies is no longer demonstrating their potential value, but enabling organizations to consistently realize that value in practice.

item.page.okmtext