Security and risk (S&R) professionals can leverage deception technologies that mimic real production applications and systems in an attempt to lure attackers into an intrusion. The concept isn't new, but current technologies are gaining interest again due to a wave of innovation and venture capital investment. In this report, we explain the benefits and limitations of deception technology and profile and explain when it makes sense to invest in it (and when it doesn't).