How To Make Your Modern Honeypot an Enterprise Defense

The modern honeypot is a security tool developed using open-source framework. Honeypots are like interactive traps which are useful to study would-be attackers. Enterprises host a no-stakes entity such as a website that attracts threats including invasive bots and attackers. Criminals are trying to access proprietary data, client leads, personnel biographical data, financial transaction data, internal memos, or anything of value. Honeypots are created to monitor, record, and analyze hackers’ behavior.

The purpose of sponsoring a honeypot is to gain useful intelligence about threats. A decoy network is established with the assumption that all traffic to it is uninvited and malicious. Witnessing and examining attacks lead to identifying and catching cyber-criminals. Studying invasive behavior exposes system vulnerabilities. This tactic works outside the network where it can scan for threats. It works within the network to detect breaches coming from within or targeted outsider attacks.

The reputation of your company and consumer confidence in your web store are assets. Consider a honeypot to protect against costly repairs and loss of irreversible social collateral. Use it proactively to defend your business from email hacks, browser attacks, breaches of secure data.

Security applications like the modern honey pot date back almost to the beginning of the web. The need for threat management was evident not long after people took to the Internet and the scientific community witnessed the inevitable lawless period characteristic of any frontier. The market for an effective decoy was evident; however, the complexity of their nature made them expensive to develop and labor-intensive to maintain. Prohibitive costs had put honeypots beyond the means of many businesses for a long time.

How can small or medium sized businesses use a honeypot today? More recently, developments allowed honeypots to be accessible to enterprises of any size or budget. Free open-source architecture for implementing custom honeypots is based on a downloadable program, Modern Honey Network. Hosting, customization, and ongoing management of the software do carry inherent costs, as does using the information collected. However, the tool itself is made free for the greater good. Credit for development of the Modern Honey Network goes to ThreatStream.

How do you choose which kind of honeypot to use? A modern honeypot may take many forms. You may set up an email account that isn’t used for any other purpose than identifying spammers who’ve scanned the web for addresses to solicit. A high-interaction resource in the guise of a phony web environment can be hosted to monitor malware. If your IT security team hasn’t already suggested building a modern honeypot, it is perhaps out of their league. If this is the case or if you have no security staff, consider hiring specialists to build and manage it. The struggle to have superior technology continues to escalate. Spammers and other criminals now have honeypot detectors in their arsenal.

This responsibility may be best left to professionals. Working with an experienced service to deploy your honeypot gives you the benefit of their skills as well as the aggregate of the other intelligence collected. Why not compare the “fingerprints” in your honeypot against as large of a bank of samples as possible?

Internet security is a high-stakes game. Having a honeypot gives you peace of mind that you're taking the most technologically advanced measure available. A modern honeypot is a relatively new tactic. However, the principle of guarding new treasures with the newest traps is as old an idea as the invention itself. It's time-tested wisdom that due diligence has the greatest return on investment.

Download our free white paper that describes the Anomali Match model which focuses on prioritization and relevance for both security operations and threat analysts.

Free Download Here