Assessing the Relevance of Deception Technologies in Modern Cybersecurity Environments

dc.contributor.authorPuska, Pekka
dc.contributor.departmentfi=Tietotekniikan laitos|en=Department of Computing|
dc.contributor.facultyfi=Teknillinen tiedekunta|en=Faculty of Technology|
dc.contributor.studysubjectfi=Tietotekniikka|en=Information and Communication Technology|
dc.date.accessioned2026-06-30T19:31:23Z
dc.date.issued2026-06-19
dc.description.abstractThis thesis examines the relevance, adoption, and operational positioning of deception technologies in modern cybersecurity environments. As threat actors become increasingly adaptive and capable of blending malicious activity with legitimate system behaviour, traditional defensive approaches based primarily on detection and response face growing challenges. The purpose of this study is to examine where deception technologies fit within contemporary cybersecurity architectures and how they complement existing defensive controls. The theoretical section reviews deception technologies, threat actor behaviour, traditional security controls, and emerging adaptive approaches to cyber deception. Particular attention is given to the relationship between deception technologies and existing capabilities such as Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms. The empirical component of the study was conducted through a questionnaire distributed to experienced cybersecurity practitioners. A total of 47 survey invitations were issued, resulting in nine completed responses. Although the response rate was limited, the respondent group consisted of highly experienced cybersecurity practitioners representing a variety of professional backgrounds and operational environments. The findings indicate that deception technologies are generally regarded as relevant within modern cybersecurity environments. Respondents most frequently associated deception with early compromise detection, adversary behaviour analysis, lateral movement visibility, and the reduction of uncertainty during security investigations. At the same time, deception technologies were primarily viewed as complementary capabilities rather than replacements for traditional security controls. The results also highlighted the importance of integration, governance, operational complexity, and organizational maturity in determining the successful adoption of deception technologies. The study concludes that deception technologies have progressed beyond purely experimental concepts and are increasingly recognized as a valuable component of layered cybersecurity architectures. However, their practical value depends less on technical feasibility and more on effective integration, operationalization, and governance within existing security environments. The findings further suggest that the primary challenge facing deception technologies is no longer demonstrating their potential value, but enabling organizations to consistently realize that value in practice.
dc.format.extent90
dc.identifier.urihttps://www.utupub.fi/handle/11111/62572
dc.identifier.urnURN:NBN:fi-fe20260630107009
dc.language.isoeng
dc.rightsfi=Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.|en=This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.|
dc.rights.accessrightsavoin
dc.subjectcybersecurity
dc.subjectdeception technologies
dc.subjectcyber deception
dc.subjectthreat detection
dc.subjectcybersecurity architecture
dc.subjectthreat actors
dc.subjectSIEM
dc.subjectEDR
dc.titleAssessing the Relevance of Deception Technologies in Modern Cybersecurity Environments
dc.type.ontasotfi=Diplomityö|en=Master's thesis|

Tiedostot

Näytetään 1 - 1 / 1
Ladataan...
Name:
UTU Thesis.pdf
Size:
1.02 MB
Format:
Adobe Portable Document Format