A Honeypot in cybersecurity refers to a strategy used to catch cyber criminals in the act of trying to exploit a vulnerability and compromise a company. A honeypot can be an exploitable software package, an exploitable computer, or in some elaborate cases, an exploitable network segment. These things are built to exactly mimic the real targets of cyber attack by hackers, however when compromised, they do not impact production networks or data and, importantly, they trigger an Alarm with the company being attacked.
In the real world we have seen these operations as police stings, where an undercover agent poses as a buyer of some illegal item, meets with the criminal, and with backup arrests them when they purchase of the illegal good. In cybersecurity, the same activities can occur, although the ability to arrest perpetrators is greatly diminished. In cybersecurity, honeypots are most often used to detect attacks by sophisticated hackers who may not know or recognize the targeted system is a setup. In other cases, honeypots are used to deflect attacks from legitimate targets. Honeypots are always used to gain valuable information about how cyber-criminals are operating, whom and how they are trying to attack systems.
Related Reading: Ransomware, Snooping and Attempted Shutdowns
Should SMB’s deploy HoneyPots?
Generally speaking, Honeypots are reserved for large enterprises and security organizations who use them to collect malware, identify novel attacks including “Zero Day Vulnerabilities” and to keep an eye on what hackers are generally up to. CyberHoot has not seen a need or use for Honeypots in most SMB environments. They aren’t a bad idea, but they might not provide as much return on investment if those same dollars are not available for training and governing your employees.