"You can place them in essentially a hall of mirrors," said Gartner's Pingree.
The longer the attacks take, the less money the cybercriminals wind up making, said Shogo Cottrell, security strategist at Hewlett Packard Enterprise.
A deception grid can also trick a hacker into going home with files that, at the end of the day, turn out to be full of useless data.
"It's been made up, or protected with encryption," he said.
Plus, a sticky trap can help an enterprise do a kind of competitive analysis on the enemy, see what targets they are looking for, and what techniques they are using, he added.
Flexible net of deception
A traditional honeypot is a particularly tasty file, database or server, one that just screams out to hackers that its full of delicious proprietary information, credit card numbers, login credentials and other goodies. The attacker finds it, tries to get into it, and alarms go off.
But the honeypot approach never really scaled to the enterprise level, said Gadi Evron, co-founder and CEO at Cymmetria. "It's very limited in what it can do, and when it comes to attackers with more sophisticated attacks, it fails miserably."
We want to create a large decoy surface area -- a cyber minefield field - Anthony James, CMO at TrapX
The bait also has to be good enough to pass as a realistic target, not a fake prop.
"Attackers are smart enough to realize that something is a honey pot because it's a simulation, it's not real," said Dean Sysman, Cymmetria's co-founder and CTO.
And there have to be enough decoys for the attacker to be able to find them.
"You have to hope that they'll land on one or two fake decoys that sit near the real server," said Anthony James, CMO at TrapX, one of the leading vendors in the space.
The new approach is to cast a wider net, of more subtle traps.
"We want to create a large decoy surface area -- a cyber minefield field," said James.
TrapX, along with several other vendors in this emerging space, uses automation to create phony workstations, servers, databases, even medical devices, point of sale terminals and automatic teller machines.
Then TrapX lays a trail of breadcrumbs that leads them to the decoys. The breadcrumbs are only visible to attackers, who are using backdoor tools or command line interfaces to explore corporate networks.
"The real trick is that the legitimate user never sees these links," James said. "They're never stumbling on a trap and tripping the alarm."
Then the TrapX decoys keep the hacker on the hook, giving the security team time to respond.
Sign up for CIO Asia eNewsletters.