Exit this survey

IDC Survey- "Deception Measures"

Question Title

* 1. Please provide the following information:

Name:

Title:

Company:

Email: *

Industry:

No. Employees:

Revenue ($m):

IT Budget ($m):

IT Security Budget ($m): *

Question Title

* 2. How do you assess the value of deception technologies as a contributing part of an overall security program?

Detrimental

No Value

Minor Value

Good Value

Major Value

Question Title

* 3. What are your plans for implementing deception technologies as part of your overall security program?

Now-12 Months

12-24 Months

24-36 Months

36 Months+

No Plans

Question Title

* 4. On a scale of 1 to 5 (1= not useful and 5= extremely useful), please rate the following deception methods:
How useful or the deception methods below, where 1 is NOT useful and 5 is extremely useful?

	1	2	3	4	5
Using “lures” like open network shares or database connections on production systems to attract an attacker to a “trap” server.	Using “lures” like open network shares or database connections on production systems to attract an attacker to a “trap” server. 1	Using “lures” like open network shares or database connections on production systems to attract an attacker to a “trap” server. 2	Using “lures” like open network shares or database connections on production systems to attract an attacker to a “trap” server. 3	Using “lures” like open network shares or database connections on production systems to attract an attacker to a “trap” server. 4	Using “lures” like open network shares or database connections on production systems to attract an attacker to a “trap” server. 5
Using “breadcrumbs” like false file objects or data records on production systems to trace an attack through the environment and potentially externally.	Using “breadcrumbs” like false file objects or data records on production systems to trace an attack through the environment and potentially externally. 1	Using “breadcrumbs” like false file objects or data records on production systems to trace an attack through the environment and potentially externally. 2	Using “breadcrumbs” like false file objects or data records on production systems to trace an attack through the environment and potentially externally. 3	Using “breadcrumbs” like false file objects or data records on production systems to trace an attack through the environment and potentially externally. 4	Using “breadcrumbs” like false file objects or data records on production systems to trace an attack through the environment and potentially externally. 5
Planting false credentials/tokens in memory on production systems to identify escalation (e.g. via pass-the-hash attack).	Planting false credentials/tokens in memory on production systems to identify escalation (e.g. via pass-the-hash attack). 1	Planting false credentials/tokens in memory on production systems to identify escalation (e.g. via pass-the-hash attack). 2	Planting false credentials/tokens in memory on production systems to identify escalation (e.g. via pass-the-hash attack). 3	Planting false credentials/tokens in memory on production systems to identify escalation (e.g. via pass-the-hash attack). 4	Planting false credentials/tokens in memory on production systems to identify escalation (e.g. via pass-the-hash attack). 5
Using a network “honey” responder to respond (e.g. syn-ack) to connection requests (e.g. syn) for nonexistent systems and blocking source IPs at connection attempt (e.g. ack).	Using a network “honey” responder to respond (e.g. syn-ack) to connection requests (e.g. syn) for nonexistent systems and blocking source IPs at connection attempt (e.g. ack). 1	Using a network “honey” responder to respond (e.g. syn-ack) to connection requests (e.g. syn) for nonexistent systems and blocking source IPs at connection attempt (e.g. ack). 2	Using a network “honey” responder to respond (e.g. syn-ack) to connection requests (e.g. syn) for nonexistent systems and blocking source IPs at connection attempt (e.g. ack). 3	Using a network “honey” responder to respond (e.g. syn-ack) to connection requests (e.g. syn) for nonexistent systems and blocking source IPs at connection attempt (e.g. ack). 4	Using a network “honey” responder to respond (e.g. syn-ack) to connection requests (e.g. syn) for nonexistent systems and blocking source IPs at connection attempt (e.g. ack). 5
Slowing down a network connection with “tarpit” techniques to gather more forensic information.	Slowing down a network connection with “tarpit” techniques to gather more forensic information. 1	Slowing down a network connection with “tarpit” techniques to gather more forensic information. 2	Slowing down a network connection with “tarpit” techniques to gather more forensic information. 3	Slowing down a network connection with “tarpit” techniques to gather more forensic information. 4	Slowing down a network connection with “tarpit” techniques to gather more forensic information. 5
Deploying false endpoints (e.g. VMs) on a network to act like legitimate systems.	Deploying false endpoints (e.g. VMs) on a network to act like legitimate systems. 1	Deploying false endpoints (e.g. VMs) on a network to act like legitimate systems. 2	Deploying false endpoints (e.g. VMs) on a network to act like legitimate systems. 3	Deploying false endpoints (e.g. VMs) on a network to act like legitimate systems. 4	Deploying false endpoints (e.g. VMs) on a network to act like legitimate systems. 5
Deploying a server “honeypot” to collect attribution information on attackers for use in threat management programs.	Deploying a server “honeypot” to collect attribution information on attackers for use in threat management programs. 1	Deploying a server “honeypot” to collect attribution information on attackers for use in threat management programs. 2	Deploying a server “honeypot” to collect attribution information on attackers for use in threat management programs. 3	Deploying a server “honeypot” to collect attribution information on attackers for use in threat management programs. 4	Deploying a server “honeypot” to collect attribution information on attackers for use in threat management programs. 5

Question Title

* 5. On a scale of 1 to 5 (1=none; 5=extreme), please rate the following challenges to a deception program:
How challenging are the obstacles to a deception program below, where 1 is NOT challenging and 5 is extremely challenging?

	1	2	3	4	5
Justifying the cost and contribution to business value.	Justifying the cost and contribution to business value. 1	Justifying the cost and contribution to business value. 2	Justifying the cost and contribution to business value. 3	Justifying the cost and contribution to business value. 4	Justifying the cost and contribution to business value. 5
Addressing technical performance and management of deception systems.	Addressing technical performance and management of deception systems. 1	Addressing technical performance and management of deception systems. 2	Addressing technical performance and management of deception systems. 3	Addressing technical performance and management of deception systems. 4	Addressing technical performance and management of deception systems. 5
Prioritizing a deception program relative to any/all other security initiatives.	Prioritizing a deception program relative to any/all other security initiatives. 1	Prioritizing a deception program relative to any/all other security initiatives. 2	Prioritizing a deception program relative to any/all other security initiatives. 3	Prioritizing a deception program relative to any/all other security initiatives. 4	Prioritizing a deception program relative to any/all other security initiatives. 5
Evaluating options and determining efficacy of a deception solution.	Evaluating options and determining efficacy of a deception solution. 1	Evaluating options and determining efficacy of a deception solution. 2	Evaluating options and determining efficacy of a deception solution. 3	Evaluating options and determining efficacy of a deception solution. 4	Evaluating options and determining efficacy of a deception solution. 5
Integrating a deception program into existing strategic security program.	Integrating a deception program into existing strategic security program. 1	Integrating a deception program into existing strategic security program. 2	Integrating a deception program into existing strategic security program. 3	Integrating a deception program into existing strategic security program. 4	Integrating a deception program into existing strategic security program. 5

Other (please specify and rank)

Question Title

* 6. Please identify any vendors, methods, etc. associated with a deception program that you are aware of: