A honeypot is like a camouflaged tripwire with a bell at the end that alerts the security team early about potential external dangers. Honeypots are a critical tool for your company when it comes to early detection of attacks.
Strategically placed traps
Honeypots are a form of decoy/trap that are placed strategically in different locations on the company’s network. Their purpose is to attract the attention of hackers, and they do so by ‘impersonating’ a valuable server, file, user or the like.
Because a honeypot masquerades as a legitimate server, file, user, etc., it is extremely difficult for hackers to avoid it, as they can’t tell the difference until they have interacted with the honeypot. When a hacker interacts with a honeypot, an alarm is activated, indicating that something has interacted with a system that it shouldn’t have.
So honeypots act as an early warning for the security team, which can quickly identify where the unknown activity originated. In addition, honeypots provide deeper insight into how hackers work and can thereby help prevent future attacks.
Honeypots, honeyfiles and honeyusers
There are different types of honeypots, all of which aim to detect unauthorised interactions, but which have different areas of application:
Honeypot: A host placed on the company’s network impersonating a computer of value. A hacker on the network will find the server attractive and will therefore attempt to log in or scan it for vulnerabilities. This type of honeypot is tasked with detecting when hackers try to move around the network after they find a way in.
Honeyfile: A file placed on a computer that impersonates a document containing passwords, a sensitive database, or something else a hacker might find interesting. A hacker who has gained access to the computer will presumably attempt to read or extract data, which will be discovered when a honeyfile is accessed.
Honeyuser: A user created on one or more computers in the network that typically impersonates a user with high privileges such as an administrator account. A hacker on the computer will most often attempt to map and misuse accounts with high privileges, which will be detected when a login is attempted with a honeyuser.
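The honeyuser check described above can be run over authentication logs. The following is an added example, not code from the original article: the decoy account names, hosts, and log lines are constructed, and the log format assumed is OpenSSH's sshd. Any login attempt naming a decoy account raises an alert, and alerts are grouped by source address to show where the activity originated.

```python
import re
from collections import defaultdict

# Assumed decoy account names (hypothetical); no legitimate process ever uses them.
HONEYUSERS = {"adm_backup", "svc_sqladmin"}

# Matches OpenSSH sshd authentication result lines.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
Mar  3 09:14:01 ws-042 sshd[2211]: Accepted publickey for alice from 10.20.0.15 port 50122 ssh2
Mar  3 09:20:44 ws-042 sshd[2290]: Failed password for adm_backup from 10.20.0.77 port 41876 ssh2
Mar  3 09:20:51 db-01 sshd[870]: Failed password for invalid user svc_sqladmin from 10.20.0.77 port 41902 ssh2
Mar  3 09:31:10 db-01 sshd[912]: Failed password for bob from 10.20.0.31 port 60210 ssh2
Mar  3 09:33:02 ws-042 sshd[2301]: Accepted password for adm_backup from 10.20.0.77 port 42011 ssh2
"""

def honeyuser_alerts(log_text, honeyusers=HONEYUSERS):
    """Return one alert dict per login attempt that names a decoy account."""
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m or m["user"] not in honeyusers:
            continue  # ordinary accounts are out of scope for this check
        alerts.append({
            "target_host": line.split()[3],  # syslog hostname field
            "user": m["user"],
            "source": m["src"],
            # A successful login means the decoy's credentials are known.
            "severity": "critical" if m["result"] == "Accepted" else "high",
        })
    return alerts

def by_source(alerts):
    """Group alerts by originating address so responders know where to look first."""
    grouped = defaultdict(list)
    for alert in alerts:
        grouped[alert["source"]].append(alert)
    return dict(grouped)

if __name__ == "__main__":
    for src, hits in by_source(honeyuser_alerts(SAMPLE_LOG)).items():
        print(src, [(h["target_host"], h["user"], h["severity"]) for h in hits])
```

Failed logins for real accounts such as bob are deliberately ignored here: the value of a honeyuser is that every hit is suspicious, so the alert needs no threshold or baseline.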