Detection with decoys

Early on, you won't have much money to budget for detection capabilities.

But that doesn't mean you can't have any.

There are a few options available to you. One of them is the decoy. It's a trap that alerts you when something happens that isn't supposed to. Big companies have products that let them generate these on demand. But if you're just getting started, you can keep this minimal.

Decoys work a bit like analytics trackers.

You put some kind of dynamic content, like a tracking pixel, in a document. Except the document looks like it contains something private or valuable.

You put the document somewhere you assume is protected. If someone interacts with it, you know they might be up to no good.

It doesn't have to be a document. It could be an email in an inbox, a USB key in a vault, or an API key on a developer machine.

You don't need that many. Focus on a few key locations.

Make sure that someone is responsible for monitoring these alerts, and that they have a plan of action in the event that one of them is triggered.
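
A minimal version of the tracking-pixel decoy described above, as an added example that is not from the original post: each decoy location gets its own unguessable image URL, and the web server's access log is scanned for requests to those URLs. The host `decoy.example.com`, the `/px/` path, the decoy names, the secret and the combined log format are all assumptions made for the illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: stored away from the decoys
# A few key locations (hypothetical names), one decoy each.
DECOYS = ["finance-share/payroll.docx", "ceo-inbox/wire-details", "dev-laptop/api-key-notes"]

def token_for(location):
    """Unguessable per-decoy token, so a hit tells you which decoy fired."""
    return hmac.new(SECRET, location.encode(), hashlib.sha256).hexdigest()[:20]

def pixel_url(location, base="https://decoy.example.com"):
    """URL to embed as a remote image in the decoy document or email."""
    return f"{base}/px/{token_for(location)}.gif"

# Combined-log-format line requesting a pixel path (assumed server log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) /px/(?P<tok>[0-9a-f]{20})\.gif[ ?]'
)

def find_hits(log_lines, decoys=DECOYS):
    """Return one alert record per request that touched a known decoy token."""
    by_token = {token_for(d): d for d in decoys}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m["tok"] in by_token:
            hits.append({"decoy": by_token[m["tok"]], "ip": m["ip"], "time": m["ts"]})
    return hits

def sample_log():
    """Constructed log lines: normal traffic, an unknown token, and two decoy hits."""
    fmt = '{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" 200 43 "-" "-"'
    px = lambda loc: "/px/" + token_for(loc) + ".gif"
    return [
        fmt.format(ip="198.51.100.4", ts="12/Mar/2024:09:00:01", path="/index.html"),
        fmt.format(ip="198.51.100.9", ts="12/Mar/2024:09:05:44", path="/px/" + "0" * 20 + ".gif"),
        fmt.format(ip="203.0.113.7", ts="12/Mar/2024:03:14:07", path=px(DECOYS[0])),
        fmt.format(ip="203.0.113.7", ts="12/Mar/2024:03:15:30", path=px(DECOYS[2]) + "?x=1"),
    ]

if __name__ == "__main__":
    for hit in find_hits(sample_log()):
        print("ALERT decoy opened:", hit)
```

Because the token is derived per location, the alert already says which decoy was touched, which is the first thing the person on call needs for their plan of action.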

For little to no budget, you'll have an alert system that works for a good portion of intrusions.
