Automated threat validation for improved incident response

A method for deploying threat specific deception campaigns for updating a score given to a malicious activity threat by performing an analysis of processes executed by computing nodes of a monitored computer network. When an analysis outcome is indicative of a malicious activity threat to the monitored computer network from process(es) executed on one or more of the computing node(s): setting a score to the malicious activity threat according to potential damage characteristic(s) of the malicious activity threat when the score is above a first threshold launch a threat specific deception campaign by using at least one deception application executed by the computing node(s) for gathering additional data and updating the score according to an analysis of the additional data, and when the score/updated score is above a second threshold generate instructions for alerting an operator and/or reacting to the malicious activity on the at computing node(s).