DE.CM-03.282

Does your organization actively monitor deception technology (e.g., honeypots, honeyfiles, decoy accounts) for any usage or interaction?

Explanation

Deception technology creates fake assets that legitimate users should never interact with, making any activity on these decoys a strong indicator of malicious behavior. Monitoring these decoys provides early warning of potential intrusions, lateral movement attempts, or credential theft without generating false positives that plague traditional detection methods. Evidence could include screenshots of deception technology dashboards showing monitoring configurations, alert logs from deception systems, documentation of response procedures when decoys are triggered, or reports showing historical monitoring of deception assets with timestamps and resolution actions.

Implementation Example

Continuously monitor deception technology, including user accounts, for any usage

ID: DE.CM-03.282

Context

Function
DE: DETECT
Category
DE.CM: Continuous Monitoring
Sub-Category
Personnel activity and technology usage are monitored to find potentially adverse events

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron