Concept: California-based cloud security company Zscaler has unveiled Zscaler Deception, a deception-based threat detection platform that can identify advanced attacks without adding operational overhead or generating false positives. It adds deception technology to the Zscaler Zero Trust Exchange, blanketing the environment with decoys and false user pathways to attract attackers.
Nature of Disruption: Zscaler Deception plants lures on endpoints in the form of fake passwords, cookies, browser sessions, and files. The platform can notify the security team when devices are compromised, both on and off the network, and it can steer attackers away from their intended targets by directing them to decoys. It provides an additional layer of security for a network that extends outside the office. Zscaler Deception also generates decoys of internet-facing infrastructure, such as VPN (virtual private network) portals or other remotely accessible services, to catch attackers who have compromised users with stolen credentials. When attackers scan these public-facing assets for targets and attempt to gain access using stolen credentials, they are immediately recognized without false positives. When an attacker accesses one of these decoy resources, a discreet alarm alerts the security team to the presence of an adversary. The SOC (Security Operations Center) can then use the data to investigate adversary activity, hunt the network for threats, or block access. Zscaler Deception works in tandem with the Zscaler platform and an ecosystem of third-party security tools such as SOAR (security orchestration, automation and response), SIEM (security information and event management), and other SOC solutions to shut down active attackers automatically and quickly.
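The detection principle described above (planted credentials and decoy services that no legitimate user ever touches, so any use of them is a high-fidelity alert that also points at the endpoint where the lure was planted) can be illustrated with a small detector run over constructed authentication logs. This is an added example, not Zscaler's code; the log format, hostnames, lure values and addresses are all invented for illustration.

```python
import hashlib


def _h(secret: str) -> str:
    """Keep only a hash of each lure password so the detector never stores the plaintext."""
    return hashlib.sha256(secret.encode()).hexdigest()


# Constructed inventory of lures planted on endpoints (fake credentials no real user holds)
# and of decoy services (a fake VPN portal). All names and values are made up for this example.
PLANTED_LURES = {
    ("svc-backup", _h("Backup!2021")): "laptop-finance-07",
    ("vpn-admin", _h("Summer2021$")): "laptop-eng-13",
}
DECOY_SERVICES = {"vpn-decoy.example.internal"}


def parse_auth_line(line: str) -> dict:
    """Parse one constructed auth-log line of the form '<ts> <service> key=value ...'."""
    ts, service, *pairs = line.split()
    event = {"ts": ts, "service": service}
    event.update(p.split("=", 1) for p in pairs)
    return event


def classify(event: dict):
    """Return an alert for any decoy or lure touch, else None. Because no legitimate workflow
    references a lure or a decoy, a match needs no threshold tuning to stay free of false positives."""
    reasons = []
    if event["service"] in DECOY_SERVICES:
        reasons.append("decoy_service_access")
    planted_on = PLANTED_LURES.get((event.get("user"), event.get("pw_hash")))
    if planted_on:
        reasons.append("planted_credential_used")
    if not reasons:
        return None
    # The endpoint the lure was planted on is the likely compromised device to investigate.
    return {"ts": event["ts"], "src": event.get("src"), "service": event["service"],
            "user": event.get("user"), "reasons": reasons, "planted_on": planted_on}


def detect(lines):
    """Run every non-empty log line through the classifier and collect the alerts."""
    return [a for a in (classify(parse_auth_line(l)) for l in lines if l.strip()) if a]


# Constructed sample log: one benign login, one probe of the decoy portal, one replay of a lure.
SAMPLE_LOG = [
    f"2021-09-14T10:01:02Z vpn.example.internal user=alice pw_hash={_h('correct-horse')} src=203.0.113.5 result=ok",
    f"2021-09-14T10:02:11Z vpn-decoy.example.internal user=vpn-admin pw_hash={_h('Summer2021$')} src=198.51.100.9 result=fail",
    f"2021-09-14T10:03:40Z fileshare.example.internal user=svc-backup pw_hash={_h('Backup!2021')} src=10.0.0.23 result=fail",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The third line shows why the lure inventory matters: the planted credential is replayed against a real file share, not the decoy, yet it still alerts and names the laptop it was harvested from.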
Outlook: Traditional defenses inspect for malicious code to keep adversaries out, but most attacks aren't malware-based at all. Their advanced techniques quickly bypass standard defenses, posing a challenge to security teams that lack the resources or time to hunt for threats. Zero Trust is a strategy that can address these security challenges. Zscaler Deception aims to stop attackers and reduce losses; a core principle of zero trust is to assume breach and enforce least-privilege access, together with continuous monitoring and authentication. It works by placing decoys in existing environments that look like real IT assets, allowing advanced attackers to be intercepted when they try to use stolen credentials, compromise users, or move laterally once inside the network. As part of the Zero Trust journey, the platform can make apps invisible to the internet, use segmentation to securely connect users to public or private apps without exposing unrelated resources, and enhance defenses with security tools such as deception, browser isolation, and traffic inspection.