Catching threats is tricky business, especially in today’s threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kaspersky’s Global Research and Analysis Team and head of Kaspersky’s honeypot project, explains what honeypots are, why they are recommended for dealing with external threats, and how you can set up your own simple SSH-honeypot. This post offers a condensed version of his presentation alongside the video, which you can view below.
What are honeypots?
A honeypot is a special piece of software that emulates a vulnerable device. Those devices can be from a wide variety of types, such as smart light bulbs, home security DVRs, fridges, microwaves, etc. Deployed publicly on the Internet, honeypots mimick real devices, and, in essence, function like traps for the attackers targeting such devices. Sometimes honeypots also allow defenders to attract and identify new, previously unknown attacks and exploits.
Who needs to set up honeypots? Why?
To protect an organization and its network, the IT security department usually deploys a variety of protection mechanisms, such as EDR, firewall rules or security policies. However, from our experience, these mechanisms might not be enough. Even before they shifted to remote work, organizations had used many vulnerable devices exposed to the Internet that they did not know about. With the shift to remote work, the number of remote stations has increased, and so has the number of exposed network devices, making corporate networks even more vulnerable. Honeypots help strengthening corporate defense system – being planted in ..
Support the originator by clicking the read the rest link below.
