In cybersecurity, deception is redundant if it cannot fulfill its critical aim – to misdirect, confuse, and lure attackers into traps and dead-ends. It is the art of tricking attackers into overextending and exposing themselves. To deceive attackers, an organization’s security team must see things from the adversary’s perspective.

Several key components are required to carry this out: full visibility, establishing context, understanding the intent of attackers, and then engineering action to increase the cost and complexity of their attack. A key goal of deception is to alter the organization’s attack surface to confuse and mis-direct adversary campaign objectives.