Three Reasons Why Honeypots Should be on Your Cybersecurity Menu


Takeaways:

You can catch cyber attackers, watch their activity, and use it against them

You can spot a breach faster

You don’t have to DIY to get an integrated, scalable solution

It’s strange. The concept of a “honeypot” is well known (an isolated and monitored server that appears to be a high value target, drawing attackers away from the real assets). Yet, it’s not a word you see a lot when reviewing cybersecurity best practices. Is it because of how characters like Elliot on “Mr. Robot” (the USA Network series) make it look like only a genius could program it? Or does it look like something only an organization with top-secret clearance would need?

The Security Operations Center should be part of your team.

Regardless of the “why?” the fact remains that a honeypot should be one of any organization’s top go-to’s for cybersecurity, along with firewalls, anti-virus programs, and all the other usual suspects. “We asked attackers on both sides of the law what really scares them,” says Sensato CEO and cybersecurity expert John Gomez. “It wasn’t intrusion detection or firewalls, because they can get around those. One thing that does scare them is honeypots. They know they can be hard to spot and if they touch one, they’re caught.”

Three reasons why honeypots should be on your cybersecurity menu

1. You can have the joy of turning the tables: The “fun” part of installing honeypots is that you get to flip the script on your attackers. While they’re safely contained in a honeypot, you can sit back and watch their exploits. You can study their tactics, using that information to strengthen your defenses. Then, you can counter-attack. Sweet!

Tip for creating effective honeypots: Don’t cheap out! Attackers will smell a rat if they see a different type of server. Make sure each honeypot “looks” like the rest of your system.

2. You can spot a breach faster: Honeypots with built-in breach detection alarms can quickly send out alerts so your team can mobilize, analyze, and cut off any further access.

Tip for getting a good return on your honeypot investment: Decide in advance what type of data you want to capture and how you want to use it. This will help you and your cybersecurity partner target exact placement and types of honeypots.

3. It doesn’t have to be DIY: You don’t have to be the expert in all things, and you certainly don’t have to write the code yourself (a la Elliot/Mr. Robot). A good cybersecurity partner can help you assess your assets, recommend placement of honeypots, handle the integration, and provide the monitoring.

Tip for getting the most out of the data captured: Make sure all data captured by your honeypots is streamed to your existing IT security systems.
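As an added illustration of points 2 and 3 (this is not Sensato's product or code from the original post), the sketch below shows a minimal decoy TCP listener that treats every connection as an alert and forwards it as one JSON line to an existing log collector. The decoy name, ports, and collector address are constructed values, and the collector is assumed to accept JSON over UDP.

```python
import json
import socket
import socketserver
import threading
from datetime import datetime, timezone

MAX_PAYLOAD = 256  # cap captured bytes so one alert fits in a single datagram

def build_alert(src_ip, src_port, decoy_name, decoy_port, payload=b""):
    """No legitimate user has a reason to touch a decoy, so every hit is high severity."""
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "event_type": "honeypot_touch",
        "severity": "high",
        "decoy": decoy_name,
        "decoy_port": decoy_port,
        "src_ip": src_ip,
        "src_port": src_port,
        "payload_hex": payload[:MAX_PAYLOAD].hex(),  # hex keeps binary probes log-safe
    }

def encode_alert(alert):
    """Serialize as newline-delimited JSON, one event per line."""
    return json.dumps(alert, sort_keys=True).encode("utf-8") + b"\n"

def forward_alert(alert, collector):
    """Send the alert over UDP to collector (host, port), the assumed SIEM input."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(encode_alert(alert), collector)

class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)  # do not let a silent client hold a thread
        try:
            data = self.request.recv(1024)  # first bytes the client sends, if any
        except OSError:
            data = b""
        ip, port = self.client_address
        srv = self.server
        alert = build_alert(ip, port, srv.decoy_name, srv.server_address[1], data)
        forward_alert(alert, srv.collector)

def start_decoy(bind_addr, decoy_name, collector):
    """Start a decoy listener in a background thread and return the server object."""
    srv = socketserver.ThreadingTCPServer(bind_addr, DecoyHandler)
    srv.decoy_name, srv.collector = decoy_name, collector
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Constructed values: decoy on port 2222, collector at 127.0.0.1:5514.
    start_decoy(("0.0.0.0", 2222), "decoy-ssh-01", ("127.0.0.1", 5514))
    threading.Event().wait()  # keep the process alive
```
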

“We already know from past experience that one of the first things cyber attackers will do is scan the network, cataloging everything on it so they know what to target and how,” says Gomez. “So, honeypots offer a critical line of protection as well as a source of incredibly powerful information.”

A prime example: a cybersecurity group recently set a honeypot that looked like a major energy provider’s network. When it was breached, the attackers didn’t use malware; they used standard capabilities built into modern operating systems. So, if the breached “network” had not been a honeypot, the attackers could have stayed in the system without detection indefinitely.

What should you demand in a honeypot solution?

Early intrusion detection: The average attack takes 14 minutes. When your organization is under attack, every second counts. While you can get a breach detection alarm (BDA) solution separately, having it integrated into your honeypot(s) is critical. A honeypot solution that includes BDAs is even better. Ask your cybersecurity partner if your honeypots can be connected to their ops center for best coverage and response.

Forensic collection: More than just alerting you to an intrusion, a honeypot allows you to monitor and track the attackers’ activities. You want a honeypot that gives you full transparency, along with the ability to turn your forensic analysis into action. 

Counter-attack: Using forensic analytics, a good honeypot should give you tools for responding to the attack. Because of the speed and ferocity of cyberattacks, your honeypot should provide automated countermeasures, as well as machine learning or even AI capabilities.

Integration: You can’t expect all your people to work together if your tools don’t work together. Look for a solution that provides a single view of everything on your security system and allows you to manage your entire organizational readiness from one screen in real time.

About Sensato Cybersecurity Solutions
Sensato is specifically focused on providing leading-edge realistic cybersecurity solutions to the healthcare industry and critical infrastructure. We work with organizations across healthcare, including, but not limited to, hospitals, physician practices, pharmacies, insurers, independent service providers, ISVs, medical device manufacturers, consultancies, patient health companies, drug developers and biotech. Sensato works with those who provide critical services to our country as well. From helping safeguard those who protect and serve, to assuring that those who provide clean water, power and heat our homes, Sensato is a key provider of critical infrastructure cybersecurity. We take our responsibility to safeguard lives from cyber attacks extremely seriously. Sensato is not just another cybersecurity firm. We are a highly passionate team of cybersecurity operators with broad talent, experience and commitment.