As adversaries grow stealthier and dwell times stretch into months, traditional detection tools struggle to deliver meaningful, high-fidelity alerts. Modern defenders are turning to deception—planting believable traps, tokens, and honeynets woven directly into production networks—to expose intrusions before damage occurs. This session explores how adaptive deception has evolved beyond static honeypots into a dynamic, intelligence-driven layer of defense. Attendees will see how organizations are integrating canary assets across IT, OT, and cloud environments to generate precise telemetry, confuse attackers, and reduce mean-time-to-detect from weeks to hours. Real-world case studies and live demonstrations will illustrate how deception can be safely automated, measured, and scaled as part of a mature detection and response strategy.
• Understand how adaptive deception architectures differ from traditional honeypots and how they integrate into enterprise SOC workflows. • Learn to design and deploy canary tokens, honey credentials, and decoy services that provide high-confidence alerts with minimal operational risk. • Explore real-world case studies where deception has shortened dwell time and produced actionable threat intelligence in IT, OT, and cloud environments. • Discover how to measure effectiveness and maturity, using metrics, automation, and frameworks such as MITRE Engage to guide continuous improvement.
