Deception technology has long flown under the radar in mainstream cybersecurity conversations. However, in 2024, with the rise of supply chain attacks, lateral movement has become harder to detect. Therefore, using deception platforms is no longer optional. It has become essential.
QKS Group’s SPARK Matrix for Deception Technology has mapped out how vendors stack up across technology excellence and customer impact. The Matrix reveals important market shifts from 2023 to 2024. Which includes new leaders, strategic exits, and a recalibration of what “deception” really means in the age of XDR, zero trust, and AI-led defense. In this blog, we will analyze how vendor positions have changed between the 2023 and 2024 SPARK Matrix reports. Also discusses what that says about the maturity and future of the deception Market.
Consistent Leadership: Acalvio and Attivo Hold the Line
Two vendors retained their Leader status across both years: Acalvio Technologies and Attivo Networks (now part of SentinelOne). Acalvio continues to impress with its AI-powered deception capabilities. Its ShadowPlex platform uses a blend of software agents, breadcrumbs, and network lures, all integrated with machine learning to adapt in real time. The platform’s architectural flexibility and integration with SIEM and SOAR tools help explain why QKS continues to recognize Acalvio as a top-tier vendor in both reports.
Attivo Networks, acquired by SentinelOne in 2022, also retains its Leader spot. Its identity-centric deception capabilities, particularly in protecting Active Directory environments and mitigating identity-based threats, are now more tightly integrated into SentinelOne’s Singularity platform. This gives it a broader security context, making its deception layer not just reactive but strategically predictive.
The top two have not just stayed relevant, they’ve evolved their deception portfolios to fit into larger security architectures, earning them continued leadership.
New Entrants: Illusive, WatchTower, and Sekoia Step In
The 2024 Matrix includes three new vendors that were absent in 2023:
- Illusive (Proofpoint): Illusive makes its debut as a Leader in 2024, and rightly so. Known for its strength in identity deception and lateral movement detection, Illusive was acquired by Proofpoint in 2022. Now integrated into a broader data protection and insider threat platform, Illusive’s deception capabilities are gaining traction in enterprises where identity risks are a primary concern.
- WatchTower: A Contender in 2024, WatchTower brings a modern, threat intel-informed deception approach. While still maturing, its ability to generate real-time insights using decoy assets and behavioral traps gives it potential for rapid advancement. The 2024 SPARK Matrix acknowledges its promising trajectory, even if it’s not quite in Leader territory yet.
- Sekoia: This France-based security firm is also a Contender, offering deception capabilities embedded in its broader threat detection and response platform. With strong roots in threat intelligence, Sekoia’s entry into the Matrix highlights a growing convergence between deception and intelligence-led detection.
The addition of these vendors points to growing adoption in both identity-first and intelligence-driven security strategies. Deception is no longer a niche add-on, it’s becoming a built-in layer in broader XDR ecosystems.
Notable Exit: Smokescreen Technologies Disappears
One of the most visible changes in 2024 is the absence of Smokescreen Technologies, a Leader in 2023.
Smokescreen, acquired by Zscaler in 2021, appears to have been subsumed into Zscaler’s larger cloud security and zero trust architecture. The deception-specific branding and platform seem to have been folded into broader modules. This likely explains why the vendor is no longer listed independently in the 2024 SPARK Matrix. As deception becomes a feature rather than a standalone product, acquisitions may blur vendor visibility, even when the technology lives on inside other platforms.
Midfield Dynamics: TrapX, Fidelis, and Others Hold Ground
Several vendors, like TrapX Security, Fidelis Cybersecurity, and Zscaler, remain steady in the Challenger or Contender categories across both years.
- TrapX continues to deliver value in industrial and healthcare environments, where traditional deception deployment can be difficult. Its use of emulated devices and low-friction traps keeps it relevant, though not leading.
- Fidelis and Zscaler, both multi-product vendors, maintain mid-tier positions. Their deception capabilities, while solid, are not the core of their platforms, and that limits their leadership prospects.
- CounterCraft and CyberTrap, which received strong regional traction in 2023, maintain similar positions in 2024, with no major moves up or down.
For vendors that treat deception as a feature rather than a flagship, the market rewards utility, but reserves leadership for those making deception central to their strategy.
Overall Vendor Count and Market Signals
One subtle shift: the number of vendors dropped from 16 in 2023 to 15 in 2024. That’s not dramatic, but it’s notable. As deception tools become more embedded within platforms like EDR and XDR, standalone deception vendors may either consolidate or pivot to adjacent capabilities like identity protection, threat hunting, or SOC integration.
The slightly smaller field suggests a maturation trend, not a shrinking market. Deception isn’t going away, it’s simply becoming more integrated.
Where Is Deception Technology Headed in 2025?
From a security strategist’s viewpoint, deception is one of the few tools that can turn the attacker’s advantage into a liability. Unlike traditional tools that alert after compromise, deception creates a reverse reconnaissance layer, forcing attackers to reveal themselves.
What stands out in the 2024 Matrix is that deception is clearly gravitating toward identity and insider threat domains. Vendors like Illusive, Acalvio, and Attivo are doubling down on identity traps, directory deception, and privilege misuse detection. This reflects a broader market understanding: identity is the new beachhead for attackers, and deception is uniquely equipped to defend it.
Moreover, as SIEMs, SOARs, and XDRs evolve, deception isn’t operating in isolation. It’s becoming part of threat response playbooks, triggering automated investigation paths, isolation routines, and forensic captures. Expect this trend to continue into 2025, especially as AI-powered playbooks become more common in the SOC.
Also worth noting is the emergence of regional players like Sekoia and WatchTower. These vendors may not yet rival U.S.-based leaders, but they demonstrate how deception is being tailored to local regulations, threat landscapes, and deployment styles, especially in Europe.
Lastly, the fading of Smokescreen as a standalone brand hints at a future where deception becomes a hidden but essential feature inside broader platforms, rather than a line item on a product list. This is good news for buyers, if it’s done right, but bad news for vendors who can’t differentiate their deception layer with precision, integrations, or use-case depth.
Final Thoughts: Deception Moves from Niche to Necessity
The evolution of deception vendors between 2023 and 2024 reflects the shifting realities of cybersecurity:
- Identity is the new perimeter.
- Detection must happen before compromise, not after.
- Attackers are getting smarter, faster, and more evasive.
Deception technology is uniquely positioned to meet these demands. The SPARK Matrix shows that the vendors winning today are those integrating deception with identity, threat intel, and automation. As deception moves from standalone platforms to deeply embedded layers in broader security ecosystems, buyers must evaluate not just how “clever” a trap is, but how well it supports the entire detection and response cycle. Whether you’re a CISO seeking lateral threat visibility or a SOC manager tired of chasing false positives, deception might just be the quiet MVP of your security stack.