For example, there might be a realistic-looking interface that gives a hacker three failed attempts, then lets them in on the fourth try.
"We have templates with fake files and directories that look like a real directory," he said.
And as real network resources change, the deception net can respond.
"The emulations are very agile," he said. "We can spin them up and spin them down, and move them with the network as it moves around. If they want to do it manually they can, or we have tools to automate it."
And here's a bonus pro tip for those setting up deception grids: Don't just stop at making your decoys look like real targets. Make the real targets look like decoys.
"Take an ordinary file server, and manipulate the server banner to advertise itself as a honeypot," said Sean Sullivan, security adviser at Helsinki-based F-Secure, which provides managed services for enterprise looking to outsource their deception grid oversight.
The same trick can be used against malware, he added.
"Malware does not want to run in a virtual machine, because it assumes it is being analyzed by malware researchers," he said. "But you can take a non-VMware machine and give it VMware registry keys and the malware sees those registry keys, thinks its a VMware machine, and kills itself."
Sign up for CIO Asia eNewsletters.