Deception technologies such as honeypots are becoming increasingly popular with enterprises as the products get more flexible and the tools allow security analysts swamped with incident reports to zero in on cases of actual ongoing infiltration.
According to a report released in August by research firm Technavio, the deception technology market is growing at a compound annual growth rate of 9 percent, and is predicted to reach $1.33 billion by 2020.
The technology includes not only the traditional honeypots but also a new class of multi-layered, distributed endpoint decoys, according to Technavio analyst Amrita Choudhury.
Another research firm, TechSci Research, predicts a market size of $1.7 billion by 2021, with a CAGR of over 10 percent.
According to TechSci analyst Karan Chechi, the biggest growth areas for the technology include the financial services sector, retail, healthcare and government.
No false positives
Current security systems send up a lot of alerts, many of them false positives.
And the move to a new generation of systems based on machine learning isn't helping, said Lawrence Pingree, analyst at Gartner.
"Those kind of algorithms tend to have a lot more false positives than other approaches," he said. "I've sat in front of a SIEM with 5,000 alerts an hour, and I've had to triage that. That's an overwhelming data set."
A deception grid changes this dynamic.
"In a deception system, the alerts you get are very minimal, and any alert you get says that something is awry," he said. "It's an almost zero false positive solution. That's a huge win for security professionals."
He estimated that today's deception grid vendors are seeing between $25 million and $50 million in total annual revenue, and that the amount is growing by double digits.
"It will be between $80 and $100 million globally in the next year or two," he added.
In addition to the core market for the tools themselves, related managed services are also growing because of a personnel shortage in the industry, he said.
"You don't have false positives," confirmed Doron Kolton, CEO at TopSpin Security.
And if a company employee does end up at a decoy, that's a red flag.
"He shouldn't be doing that," said Kolton.
That means that an overworked security team, flooded by incident reports that may or may not lead to anything significant, can look at the honey traps first.
"You can use the deception grid in order to prioritize events in the incident stream," he said. "You can look at the other events that were triggered on the same endpoint."
Top deception grid vendors
Deception grids can also increase costs for attackers by making them spend time chasing shadows.