Whitepaper: Collaborative Deception Fleet, now available!


The best source of threat intelligence would be directly from the mind of a threat actor. Since that source is not accessible, current threat intelligence teams rely on after-the-fact tactical, operational, and strategic information. For example: knowledge shared after a breach at another company, a vulnerability in software shared to the public or information from industry experts. Acting on this information improves the resilience to similar future attacks. But you will always have a blind spot for threats that are not yet known.

To tackle this blind spot, the idea of a collaborative deception environment emerged within the PCSI program. A safe environment, configured like a financial institute where we could monitor threat actors with a fly-on-the-wall observation technique and hopefully learn about new attacker techniques and infrastructure, which we could share with the threat intelligence community.

Even though Deception Technology in itself is a very powerful technology to increase one’s cyber defenses, it is even more powerful when used in a collaborative fashion. That is the main lesson learned from this experiment with a Collaborative Deception Fleet.

This whitepaper contains our learnings and experience with running a collaborative deception environment. The report describes the opportunities and challenges for further developing the Collaborative Deception Fleet from an experiment into an actual solution. Click here to download the Whitepaper Collabortaive Deception Fleet.

Beeldmerk PCSI
PCSI is a collaboration of
    ABN-AMRO Achmea ASML Belastingdienst ING TNO