Deceptive security glossary | Trapster

Deceptive security glossary

The reference definitions of the key concepts of detection by deception: honeypots, decoys, canary tokens, lateral movement and much more. Every term links to related notions so you can explore the topic in depth.

Honeypot

A honeypot is a monitored decoy system with no legitimate use, so any interaction with it is inherently suspicious.

Honeytoken

A honeytoken is fake data (credentials, an API key, a document) that is never legitimately used, so any access to it signals a compromise.

Breadcrumb

A trace or lure deliberately planted on a real endpoint to be discovered by an attacker and steer them toward a decoy or honeypot.

Deceptive security

Deceptive security is a defensive strategy that plants decoys and traps to detect, mislead and study attackers who are already inside the network.

Decoy

A fake asset (server, workstation, service, share, database) that mimics a real production resource to lure, slow down and detect attackers.

Lateral movement

Lateral movement is the post-compromise phase in which an attacker progresses from an initial foothold toward other systems on the network.

Insider threat

A security risk originating from people with legitimate access: malicious insiders, negligent insiders, and compromised accounts.

Dwell time

Dwell time is the elapsed duration between an attacker's initial compromise and the moment they are detected within the environment.

High-interaction vs low-interaction honeypot

A comparison of low- and high-interaction honeypots across the trade-offs between realism, intelligence quality, operational risk and cost.

Canary token

A canary token is a unique, inert marker that fires an alert the moment it is accessed or used, acting as a lightweight digital tripwire.

MITRE ATT&CK

A globally adopted knowledge base of adversary behavior drawn from real-world observations, organized as tactics and techniques.

False positive

A false positive is a benign event wrongly flagged as malicious by a detection tool, raising an alert where no real threat exists.
