Honeypots detect and analyze cyber threats, but one security agency says others are not using them enough.
In a previous report, entitled “Proactive Detection of Network Security Incidents,” the European Network and Information Security Agency (ENISA) detailed the benefits of using honeypots to detect and investigate attacks. Despite their efficiency, certain Computer Emergency Response Teams (CERTs) have not deployed them.
That’s why the new study focuses on 30 honeypots to offer insight into which technologies and solutions organizations should use. The report also looks at critical issues organizations face and practical deployment strategies.
CERTs can learn everything they need to know, from basic concepts to sandbox technologies and online honeypots.
“Honeypots offer a powerful tool for CERTs to gather threat intelligence without any impact on the production infrastructure,” said Executive Director of ENISA Professor Udo Helmbrecht.
“Correctly deployed, honeypots offer considerable benefits for CERTs; malicious activity in a CERT’s constituency can be tracked to provide early warning of malware infections, new exploits, vulnerabilities and malware behavior, as well as give an opportunity to learn about attacker tactics,” Helmbrecht said.
“Therefore, if the CERTs in Europe recognize honeypots better as a tasty option, they could better defend their constituencies’ assets.”
In recent years, honeypots have been successful on a number of occasions. These digital traps can mimic a real service, an application or a system in an attempt to lure potential cyber attackers.
When an entity connects to a honeypot, it is automatically considered suspicious, and its every move is monitored in an effort to detect malicious activity.
The complete report is titled “Proactive Detection of Security Incidents: Honeypots.”