Deployment

Launch Decoys with Kubernetes Manifests or Docker Images

Deploy decoys where your security program runs today in cloud, on-prem, or hybrid. Use a Kubernetes manifest when your team operates clusters, or deploy with Docker-first workflows when containers are your standard. The goal is simple with fast, consistent rollout and enterprise-ready operational control.

Honeypot Deployment Options

Choose the model that best matches your environment and governance requirements

Cloud Native

Deploy decoys quickly in cloud environments with a Kubernetes manifest or container workflow.

  • Manifest-based rollout for cluster environments
  • Container deployment with Docker image support
  • Rapid expansion across cloud regions
  • Centralized visibility for distributed decoys

On-Premises

Run decoys in internal environments where data control and network policy are strict.

  • Kubernetes manifest deployment option
  • Docker image deployment option
  • Local network segmentation compatibility
  • Policy-aligned deception placement

Hybrid

Combine cloud and on-prem deployments under one deception strategy.

  • Consistent deployment model across environments
  • Unified operations for distributed decoys
  • Flexible rollout by business unit or region
  • Single response workflow for all signals

Architecture Highlights

Built for practical security operations, repeatability, and scalable rollout

Deployment Simplicity

Start fast with repeatable deployment packages designed for security teams and platform teams.

  • Kubernetes manifest for cluster-first teams
  • Docker image path for container-first teams
  • Consistent rollout steps across environments
  • Fast expansion without redesigning your stack

Operational Fit

Deploy decoys in ways that align with existing change control and security governance.

  • Structured rollout by environment and scope
  • Clear ownership between security and platform teams
  • Controlled updates and versioning practices
  • Repeatable quality across new deployments

Scale By Risk Priority

Begin with high-risk pathways and extend coverage as your program matures.

  • Pilot in one environment, then replicate
  • Expand decoy coverage by critical asset paths
  • Standardize deployment playbooks
  • Keep one operating model at enterprise scale

Deployment Model

Honeypots can be deployed through two practical paths depending on your environment and operating model.

  • One-line curl bootstrap to the API for fast host deployment
  • Bootstrap flow installs Docker automatically when it is not already present
  • Kubernetes manifest deployment with kubectl apply -f
  • Consistent rollout process across cloud, on-prem, and hybrid environments 
# Option 1: API bootstrap
curl -fsSL https://api.neroswarm.com/deploy.sh | bash

# Option 2: Kubernetes manifest workflow
kubectl apply -f neroswarm-honeypot.yaml

How Teams Use This

Concrete deployment workflows from pilot to enterprise scale

Fast pilot in one environment

Security teams deploy a first decoy set with curl bootstrap, validate alert quality, then hand off expansion to platform owners.

  • Start quickly without changing existing SOC workflow
  • Validate telemetry before broad rollout

Cluster-first production rollout

Platform teams apply Kubernetes manifests per environment and keep deployment patterns consistent across clusters.

  • Standardized rollout with kubectl apply -f
  • Repeatable process across regions and business units

Hybrid operating model

Organizations combine host bootstrap and manifest deployment to cover cloud and on-prem zones under one operating playbook.

  • One governance model for mixed estates
  • Consistent escalation and response ownership

Ready to deploy decoys at scale?

Talk to our team about rollout planning, environment fit, and deployment best practices.

Contact Sales