Deception technology deploys honeypots, honey tokens, and fake credentials throughout the network — any interaction with decoys is immediately suspicious since no legitimate process uses them.
Deception has near-zero false positives — only attackers (or very confused legitimate users) access decoys. Honeytokens: fake AWS keys in code repos, fake AD accounts, fake files in file shares. Detection is immediate upon first decoy access. Shifts attacker time wasted in decoy environment.