Automatically generating network resource groups and assigning customized decoy policies thereto

1. A cyber security system to detect attackers within a network of resources, comprising:

• circuitry of a network data collector collecting data regarding an enterprise network, the data comprising network computing resources and operating systems of the network computing resources, users and user privileges, installed applications, open ports, previous logged on users, browser histories, vault content and shares, from data sources comprising a directory service, the network resources, knowledge bases comprising firewall logs, and in/out ports of machines;
  
  circuitry of a learning module analyzing the data collected by said network data collector, determining therefrom groupings of the network resources into at least two groups, and assigning a customized decoy policy to each group of resources, wherein a decoy policy for a group of resources comprises one or more decoy lateral attack vectors, and one or more resources in the group in which the one or more decoy lateral attack vectors are to be planted, and wherein each of the one or more decoy lateral attack vectors is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker; and
  
  circuitry of a decoy deployer planting, for each group of resources, one or more decoy lateral attack vectors in memory or storage of one or more resources in the group, to implement the decoy policy for the group.