Zscaler Inc.

09/16/2025 | News release | Archived content

How Six Security Leaders Use Deception to Turn the Tables on Attackers


AMIR MOIN, KEITH DO
September 16, 2025 - 7 min read

In today's digital landscape, attackers who bypass existing controls are harder to spot and more dangerous than ever. Traditional defenses, signature-based tools, and reactive alerting too often allow bad actors to stay undetected in environments for longer - Mandiant's M-Trends 2025 report shows a 10% increase in dwell time from the year before, for example.

How can security leaders put the burden of success back on attackers? Deploy convincing fake targets attackers can't resist, and catch them the moment they take the bait.

What Is Deception Technology and Why Security Leaders Need It

Deception technology (often called honeypots and decoys) is about active defense. Unlike traditional security controls that monitor for known bad behavior or signatures, deception creates an irresistible landscape for attackers by deploying realistic decoys (files, users, servers, credentials, applications, etc.) across your environment. These decoys look and behave just like real assets but are monitored traps designed to lure, identify, and intercept attackers the moment they try to move or escalate privileges.

Why is deception technology critical for today's enterprises?

  • GenAI and Identity-Driven Attacks: Adversaries are increasingly leveraging GenAI and stolen credentials to evade detection, blending into trusted environments.
  • Bypassing Traditional Defenses with Stolen Identities: Once a legitimate identity is compromised, attackers can move laterally, access SaaS apps, and target sensitive data, all while looking legitimate.
  • Traditional Security Blindness: Nearly 80% of modern attacks are identity-driven, and a staggering 91% don't generate alerts with legacy tools.

With Zscaler Deception, security teams are changing the rules of the game, catching adversaries in the act before they can reach critical data. Deception disrupts the attacker's playbook by laying a digital minefield everywhere attackers might try to go, diverting them away from real assets and alerting defenders instantly. And it does so without overwhelming SOC teams with false positives.

Let's explore why more leaders are integrating Zscaler Deception into their zero trust strategies, and how customers like Godrej, Novelis, Cushman & Wakefield, MGM Resorts International, Persistent, and FICO are using deception to detect, expose, and stop modern attacks.



Godrej Industries: Proactive Defense and Real-Time Resilience with Deceptive Precision

Godrej Industries, a global manufacturing powerhouse, faced rising threats from attackers who blend in with legitimate users and exploit low-visibility areas within complex environments. Determined to stay ahead, Godrej integrated Zscaler Deception into its zero trust strategy and transformed detection and response.

"When we combine ZPA with Zscaler Deception, we are able to detect compromised users and active network threats, which could otherwise slip in in low-visibility areas," shares Satvayrat Mishra, AVP of Corporate IT at Godrej. Instead of hoping threats are caught, Mishra's team proactively traps attackers with convincing decoys spread across endpoints, applications, and the cloud. These lures flag lateral movement and credential theft the moment adversaries make a move.

The impact has been immediate and measurable. "Using Deception as part of a zero trust architecture also helps us become more resilient against advanced attacks and any kind of human operated ransomware or supply chain threats," Mishra explains. Godrej is not just responding to threats; they are anticipating and deterring them.

Zscaler Deception has also slashed the burden on Godrej's SOC. "Since it's a low false positive product, it really helps the SOC team pinpoint any lateral movement happening within the organization," Mishra emphasizes. With actionable alerts and fewer distractions, the team is empowered to act fast on genuine risks and strengthen Godrej's overall security posture.



Novelis: Shining a Light on Stealthy Attackers Across a Global Network

Novelis, a global leader in sustainable aluminum solutions, needed to cut through network noise and stop attackers before they could move laterally or compromise sensitive systems. By deploying Zscaler Deception, Novelis transformed its threat management program and delivered real results for the business.

"Having this technology, it's really kind of opened our eyes and given us much more visibility to what's going on on our network," says Andy Abercrombie, CISO at Novelis. The security team pinpoints scanning, credential stuffing, and unauthorized probing as soon as they occur, gaining crucial insights that were previously hidden.

"It gives us an advantage in detecting, scanning, and lateral movement prevention," Abercrombie explains. Attackers who test the perimeter or attempt to slip past defenses are now captured and monitored in real time. Abercrombie notes, "You don't get constant alerts like you do with other tools," allowing his team to focus on genuine threats instead of sifting through endless noise.

With Zscaler Deception in place, Novelis can identify, watch, and respond to suspicious activity before it turns into a breach. The security team adds threat actors to a watchlist, tracks their moves, and makes targeted interventions to lock down any risk. For Novelis, the outcome is clear: faster detection, more precise response, and the confidence to support global operations without compromise.


Cushman & Wakefield, MGM Resorts, Persistent, and FICO: Diverse Industries, One Clear Choice to Outsmart Sophisticated Attackers

The success stories don't stop there. Many more visionary security leaders are turning to Zscaler Deception to expose hidden threats and empower their security teams to outsmart advanced attackers.


Cushman & Wakefield: For this global real estate leader, identity compromise is a persistent threat. The SecOps team relies on Zscaler Deception to catch sophisticated identity-driven attacks:

"The Zscaler Zero Trust Exchange plays a critical role in keeping threats at bay by minimizing the attack surface. In case of a compromised user or insider threat, Zscaler Deception can intercept those attacks to stop hidden adversaries."
- Eric Hart, CISO


MGM Resorts International: With entertainment properties worldwide, MGM faces constant and targeted attacks. Their secret weapon? Making fake assets irresistible:

"As an attacker, when you've compromised an environment, you're hunting for opportunity, and everything is fake. It's what Deception technology does… every attempt they give, that's triggering an alert for your group to respond to."
- Stephen Harrison, CISO



Persistent: As a global digital engineering powerhouse, Persistent set out to detect and stop sophisticated threats moving laterally inside the environment. With Zscaler Deception in place, Persistent deployed decoys throughout the enterprise, ensuring that adversaries are caught quickly, allowing the SOC team to act decisively while avoiding alert fatigue.

"Zscaler Deception has detected more than 80 notable attacks over a 90-day period, including 31 high-risk attacks. It has proven its value in a short time."
- Debashis Singh, CIO


FICO: This world leader in analytics and risk uses Zscaler Deception both inside and outside the company's environment, customizing decoys for internal threat intelligence and external intelligence gathering.

"We've deployed customized decoys internally and externally to gather threat intelligence and keep attackers away from our core assets. It's been an exciting and effective way to further protect our environment, and it gives us a proactive edge in staying ahead of potential threats."
- Ben Nelson, Chief Cyber Security Officer



Decoys Can Shift the Advantage: Common Themes From Six Security Innovators

Across a spectrum of industries - manufacturing, high-tech, real estate, hospitality, and financial services - these customer stories reveal key insights:

  • Early Detection Before Damage: Deception delivers pre-breach warnings, allowing teams to take action before attackers infiltrate critical infrastructure.
  • Unrivaled Visibility and Context: Customers consistently report greater visibility into network activity and attacker TTPs (tactics, techniques, and procedures) compared to legacy tools.
  • Reduced Alert Fatigue: With near-zero false positives, Zscaler Deception enables security teams to quickly prioritize and respond to real threats.
  • Seamless, Scalable Deployment: As a cloud-native part of the Zscaler Zero Trust Exchange, Deception deploys quickly (some decoy types offer one-click deployment) and integrates smoothly with SIEM, SOAR, and existing security operations workflows.
  • Protecting GenAI and Modern Attack Surfaces: Decoys detect attacks on the GenAI infrastructure, SaaS, cloud environments, and identity systems where attackers are increasingly focused.

Above all, these organizations highlight a shared benefit: shifting the advantage back to the defender. By populating their environments with convincing traps, they force attackers to reveal themselves and take the uncertainty out of threat detection.

Today's attackers are resourceful, patient, and persistent, but organizations can be proactive, too. By integrating Zscaler Deception into their zero trust strategy, customers like Godrej, Novelis, Persistent, Cushman & Wakefield, MGM Resorts, and FICO are resetting the rules of engagement and catching adversaries before they can cause harm.

As these leaders demonstrate, when attackers can't distinguish real assets from traps, defenders regain control. The result: better protection, fewer breaches, and a future where the advantage stays with you.


Ready to learn more about how to take your threat management program to the next level?

Request a demo to see first-hand how Zscaler Deception can help you expose hidden threats, intercept attackers, and give your security team the visibility and control they need to stay one step ahead.


Zscaler Inc. published this content on September 16, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on September 23, 2025 at 08:17 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]