The Cyber Deception Glossary

9 May 2022 | by Hannah Brice

Every day there is news of another security breach, data theft or software vulnerability. Fortunately, new methods and technologies keep coming along too, helping organizations stay protected and minimize significant security risk.

Cyber deception, or deception technology, is one such method that is proving highly effective at restricting a data breach and, if put in place, could help your Chief Information Security Officer sleep better at night. But before you invest in it, it helps to understand all of the terminology. Treat this A-Z glossary as your guide.


Active Defence

Active defence refers to the counter-tactics a business or individual can use against a cybercriminal to slow them down or make it more difficult for them to gain unauthorized access to, and attack, their computer networks.

Alert Fatigue

Alert fatigue, or alarm fatigue, is when employees are overwhelmed by the increasing number of alerts they are receiving and run the risk of missing a critical alert. Alert fatigue is common in cybersecurity due to the prevalence of continuous scanning tools.  

Attack Awareness in Applications

Attack-aware software applications help organisations identify a genuine cyber attack and respond to it more quickly, thereby neutralising the attack before it takes advantage of an organisation’s software vulnerability and confidential information.

Attack Canaries 

Canaries helped miners in the late 20th century to identify the presence of high levels of lethal gases, such as carbon monoxide. In the cybersecurity world, a canary is a physical or virtual device that can act as a range of devices in various configurations. This means it can be a Windows file server, a workstation, or anything else you require.

Canary devices are like honeypots. They imitate a system in order to convince an attacker with malicious intent to penetrate them. Once the attacker does that, administrators can easily track their behaviour. Canary tokens are unique triggers embedded in files that raise an alert when a cyber attack occurs.

Attack and Response Velocity

Attack and response velocity is the time a company takes, or the speed at which it responds, to a cyber attack.

Attacker Engagement

Attacker engagement means interacting with a person with malicious intent to push them into causing less harm than intended. A security breach is thereby avoided.

Autonomous Deception

Autonomous deception is when the deception technology makes independent decisions on how to deceive the attacker if they try to penetrate the system.



Beaconing

Beaconing is a situation where malware occasionally communicates with the cybercriminal’s C2 server to learn how to perform malicious tasks on the victim’s machine.

Booby-Trapped Software

A good intrusion prevention system, this is where an alert is triggered when an unauthorised person tries to perform an ordinary action like opening or sending an email attachment.


Breadcrumbs

In deception technology, breadcrumbs are close-to-real traps that a deception platform leaves in the system to catch potential attackers.


Counter Attacking

A counterattack is a military term that describes large-scale, strategic operations that successfully resist the enemy’s offences while occupying defensive positions. This is a self-defence mechanism that slows down or stops a cyber attack.

Counter Hacking

Counter Hacking is action taken to halt a hacking attack.


Data Spoofing

This is the practice of imitating a communication from an unidentified source as being from an identified, trusted source. Data spoofing gains the victim’s personal and sensitive information, transfers malware through malicious links or attachments, and penetrates network access controls through emails, phone calls, or websites. IP Address spoofing is also common.

Deception

Deception is a proactive cybersecurity defence system that works to prevent an attack by deceiving the hacker with traps and decoys which imitate genuine elements of a company’s infrastructure. As a decoy is triggered, alerts are sent in real-time to the IT security team and the system will monitor the attacker’s behaviour to gain insight about the temptations and potential weaknesses in their systems.

Deception Cyber Kill Chain

This is a comprehensive chain that includes crucial aspects of reinforcing deception technology. It includes specifying deception goals, collecting adversary information, designing a cover story, planning, preparing, executing, monitoring, and implementing the deception strategy.


Decoys

Decoys are also known as deception systems, tar-pits, and honeypots. They are fake components that display several vulnerabilities to persuade cybercriminals to access an imitation system, preventing unauthorised access to genuine networks.


Deflection

Often used as an additional level of protection against several cyberattacks, deflection works to restrict criminals from seeking access to sensitive information and reveals their identity whenever they penetrate the network. The strategy also includes decoys that delay the attacks, giving the security team enough time to respond.

Digital Doctoring

The manipulation of digital content, software, or similar things.


Endpoint Deception

Deception that harms an endpoint, which is a device serving as an endpoint for a network. These can be servers, laptops, mobile phones, desktops, etc.


False Flag Operations

A false flag operation involves blaming the source of action on another party.


Honeypots (High, Medium, Low Interaction)

These are decoy systems or servers that work with your network’s production systems. When deployed, honeypots divert the cyber attackers by adding security monitoring opportunities for the company’s blue teams.

They are of three types depending on their level of interaction:

● Low Interaction. It involves less interaction of the adversary with the decoy system. It is a static environment.

● Medium Interaction. It provides an ideal balance involving fewer risks than low or high interaction but high functionality.

● High Interaction. It provides the attacker with systems to attack without giving them any clue of being fake.


Honeyport

A honeyport is like a honeypot, but it looks for a third-party or external connection to perform a specific action (mainly blacklisting) against them.

Honey Credentials

These are a series of fake passwords to use as a trap.

Honey Users

Honey users are non-existent users within an organisation that are used to detect an attacker’s activity. When a cybercriminal tries to log in to a honey user’s account, the deception technology creates a Honey User Authentication incident that shows the exact time of the attack and the asset it was made for.


Lateral Movement

These are the steps that cyber attackers take to gain initial access to sensitive data and move further into a network. When an attacker successfully enters a network, they keep moving while benefiting from various tools.



Masking

Data masking or obfuscation modifies sensitive data to make it of no or little value to the cybercriminal but still valuable for authorised personnel.


Mimesis

Mimesis is the act of manipulating the cybercriminal into believing that a database exists.


See mimesis.


Mimic Defence

Mimic defence (MD) is an active defence technology that improves the counterattack capability of devices. It organises several redundant, different functionalities to respond to the same external request and compensates for any security flaw in the system.

Moving Target

Moving target methods randomise the cyberspace components to minimise the chances of successful attacks. It involves adding dynamics to the system to reduce the lifetime of an attack and limit damage.


Network Deception

Deception within a network. See deception above.

Network Visibility

It shows the components and data within an organisation’s computer network with the help of various tools and other contents.



Obfuscation

See masking.

Offensive Cybersecurity Operations

These operations are proactive attacks on cybercriminals to weaken their malicious attempts and prevent future attacks. They target the attacker’s behaviour by introducing ambiguity or uncertainty.


Perimeter Deception

Perimeter refers to your network’s boundary. See deception above.


Perturbation

Perturbation is protecting data by adding “noise” to a database that makes records hard or impossible for unauthorised users to read. The noise can be anything that disrupts or corrupts the data transmission by impacting the signal quality.



This is where a cybercriminal is redirected to an unreal or fake part of a network.


Spear Phishing

Spear Phishing is a form of cyberattack in which malicious messages that look authentic are sent.

These messages are primarily sent via email and play on human emotions or traits to extract sensitive information from recipients quickly. Asking for a funds transfer or urgent documents, or convincing the recipient to open an attachment or a link, are typical examples of spear phishing.


It is a broad term for cyberattacks that involve targeting victims through a source that looks legitimate but is not. Cybercriminals ask the victim to send them the information they need.


Threat Engagement

Responding to a threat. People who are threat-sensitive engage more quickly than others.


See decoy above.

Is something missing from this glossary? Contact us for information.
