Cyber deception deploys decoys throughout the environment — honeypots (fake systems), honey tokens (fake credentials/files), canary tokens (tracking URLs/documents) that alert immediately when accessed.
Deception shifts the advantage: attackers must avoid ALL decoys, but defenders only need one decoy touched to detect them. Zero false positive rate from decoys (no legitimate process ever touches them). Canary tokens in documents alert when opened — detecting document exfiltration even after the file leaves your control.