Zscaler Deception (formerly Smokescreen) is a cyber deception platform that deploys decoy assets across enterprise environments to detect and intercept attackers who have bypassed existing security controls. The platform works by distributing realistic fake targets — including decoy servers, applications, users, credentials, files, and cloud resources — throughout the environment. When an attacker or compromised user interacts with any decoy, the security team receives an immediate high-confidence alert with near-zero false positives. Key functional areas include: - Endpoint Deception: Deploys decoy files, credentials, and processes on endpoints to detect lateral movement. - Application Deception: Hosts decoy server systems running services such as SSH servers, databases, and file shares. - Cloud Deception: Detects lateral movement in cloud environments using decoy web servers, file servers, and databases. - GenAI Decoys: Deploys decoy chatbots, LLM APIs, adaptive decoys, and agents to detect attacks targeting GenAI infrastructure. - Threat Intelligence Deception: Uses internet-facing decoys to identify pre-breach threats targeting the organization. - ThreatParse: Provides automated forensics and root cause analysis from context-rich deception logs. The platform integrates with Zscaler's Zero Trust Exchange to enable dynamic containment of threats by limiting or cutting off access to SaaS services and internal applications upon detection. It is designed to detect identity-driven attacks, ransomware, supply chain exploits, and credential abuse that evade signature-based or behavior-based defenses.