Automatically generating network resource groups and assigning customized decoy policies thereto

1. A cyber security system to detect attackers, comprising:

• a processor executing instructions stored on a non-transitory computer-readable medium;
  
  circuitry of a decoy deployer, under control of said processor via the instructions, (i) planting one or more decoy lateral attack vectors in each of a first and a second group of real resources within a common enterprise network of resources, the first and second groups of real resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and applications that were installed, wherein a decoy lateral attack vector is a decoy data object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, (ii) conforming the decoy lateral attack vectors in the first group to the characteristics of the first group, and (iii) conforming the decoy lateral attack vectors in the second group to the characteristics of the second group; and
  
  circuitry of a learning module, under control of said processor via the instructions, analyzing characteristics of the common enterprise network of resources, and deriving from the analyzed characteristics the grouping of the resources into the first and second groups.