A computer implemented method of detecting unauthorized access to a protected network from external endpoints, comprising monitoring, at a protected network, communication with one or more external endpoints using one or more access clients to access one or more of a plurality of resources of the protected networked, where one or more deception resources created in the protected network map one or more of the plurality of resources, detecting usage of data contained in one or more of a plurality of deception data objects deployed in the one or more access clients by monitoring an interaction triggered by one or more of the deception data objects with the one or more deception resources when used and identifying one or more potential unauthorized operations based on analysis of the detection.
展开▼