Integrating Deception Technologies Into Cyber Defence Ecosystems: Enhancing Cyber Situation Awareness Through Multi-Layered Monitoring

Deception technologies (DTs) can enhance Cyber Situation Awareness (CSA) by generating low-noise, high-fidelity telemetry that reflects real adversarial behaviour. Earlier studies have demonstrated their use in modelling medical devices, analysing ransomware incidents, and structuring detection capabilities across attack phases. Building on this foundation, this study examines how DTs can be systematically inte- grated into broader cyber defence ecosystems. It combines five comple- mentary perspectives—technical, architectural, process, cognitive, and operational—to introduce a Construction Model that treats deception- derived telemetry as both a sensor input and an analytical driver within layered monitoring. The model explains how deception can support sit- uational visibility, analytical correlation, and human–machine collabo- ration, thereby contributing to adaptive and intelligence-driven CSA. The key contribution is to connect isolated deception deployments with integrated, feedback-oriented defence practices that strengthen organi- sational resilience.