The use of decoys as a security measure in organisations is known as honeypotting. It is through “honeypots” that this objective is achieved, by designing and deploying synthetic services attractive to attackers who, in the event of compromising the perimeter, these services will become their potential first target.
This achieves two goals: the first is to stop the threat, because instead of engaging a real environment, it is focused on a synthetic decoy. And secondly, and duly treating the honeypot, to learn more about the adversary and their techniques and/or intentions, through the analysis of the evidence that these adversaries leave on the decoys.
The use of honeypots is currently widespread in organisations, although it should be noted that it is the organisations with a higher degree of maturity in cybersecurity that are adapting them and taking full advantage of them.