{"id":1463,"date":"2018-04-19T15:13:34","date_gmt":"2018-04-19T19:13:34","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1463"},"modified":"2019-06-24T11:43:06","modified_gmt":"2019-06-24T15:43:06","slug":"cybersecurity-honeypot-need-know","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/","title":{"rendered":"The Cybersecurity Honeypot: What You Need to Know"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1464\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg\" alt=\"honeypot SIEM solution cybersecurity\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">I do hope you\u2019ll pardon this little touch of nerdiness as I explain the concept:<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In the world of the role-playing game Dungeons and Dragons, there is a well-known monster called the Mimic. 
The Mimic, at first glance, looks like an ordinary treasure chest\u2014much like one your adventuring party may have opened earlier that day. However, if anyone falls for the trick and attempts to open the Mimic chest, they\u2019re greeted by a savage attack via a prehensile tongue and rows upon rows of razor-sharp teeth. These monsters are considered a staple trap in dungeon design, perfect for attracting the greedy and unobservant thief.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Being in charge of your <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/key-components-successful-incident-response-plan\/\" target=\"_blank\" rel=\"noopener noreferrer\">enterprise\u2019s IT security<\/a> may not feel as fantastical as being in charge of a magical dungeon, but the principles are actually the same: you have treasure (databases) you want to protect and select traps (cybersecurity) to protect it. Topping off the comparison, endpoint security, intrusion detection services (IDS), and <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/introducing-siem-defined-glossary\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM<\/a> solutions actually do have their own Mimic-like tool: the honeypot.<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What is the Honeypot? 
<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Much like the Mimic, the honeypot is a decoy with a compelling lure for the greedy and unobservant hacker: it\u2019s designed to look like a functioning replica of your enterprise\u2019s servers and databases. But while the data within the honeypot looks real, it\u2019s actually completely isolated from the real server and can be closely monitored by your IT security team. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The titular \u201choney\u201d of the honeypot is that this fake server has much weaker security protocols than your actual network. For example, the passwords to gain access to the honeypot network may be childishly simple. This will entice hackers looking for an easy score, deceiving them into taking the easy route instead of the much harder route to the actual network. Thus the trap is sprung.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Cybersecurity analysts can use the hacker\u2019s behavior on the decoy servers to <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/6-questions-on-digital-threat-hunting-with-brandon-dixon-of-risk-iq\/\" target=\"_blank\" rel=\"noopener noreferrer\">detect threats preemptively<\/a> and discover the security holes that allowed them access. With this knowledge, your IT security team can both deflect the current attack and fortify the means to deflect future attacks.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">There are actually two kinds of honeypot: the research honeypot and the production honeypot. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The research honeypot is designed to perform close analysis on hackers\u2019 behaviors, learning their infiltration tactics and threat progression. 
This provides cybersecurity analysts with the data to design better cybersecurity protections in the future. The honeypot\u2019s data can also help them track stolen data through normally unseen channels and discover malicious network connections. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The production honeypot is the fully-fledged network decoy, complete with fake data caches to distract hackers. It provides security teams the time to find the threat, mitigate it before it reaches the real network, and record evidence for future prosecution. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How Does the Honeypot Work With Other Solutions? <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A honeypot is a detection tool rather than a preventative solution; it works best when paired with endpoint security, an intrusion detection system, and\/or SIEM. The honeypot can gather threat information that by default has slipped past traditional preventative solutions\u2014signatureless malware, fileless malware, and zero-day attacks. It can also enhance <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/4-challenges-traditional-log-management-solutions\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM solutions\u2019 logging<\/a> capabilities for more comprehensive investigations and more accurate alerts. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The latter is especially important: a properly designed honeypot will only be found by a malicious threat actor rather than a legitimate user. Therefore, an SIEM solution with a honeypot can distinguish between a false positive and a real threat far more easily than a solution without one. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>High-Interaction or Low? 
<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can deploy either a high-interaction or a low-interaction honeypot on your network. The latter may not be the most sophisticated of decoys, but it is easier to deploy and manage. The former, because it is a near-perfect replication of your real network, can give your IT security team much more accurate data on how a threat unfolds and how a hacker behaves. However, it requires more time and energy to deploy properly. You will need to examine your resources carefully and deploy the proper decoy for your enterprise. <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What are the Drawbacks to the Honeypot? <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Unlike the Mimic, honeypots generally don\u2019t have teeth to actually remove a detected threat\u2014hence they need other solutions to support them. If you do configure your honeypot to strike back against attackers, know that the liability surrounding counterattacks from honeypots is a murky area of the law. You may end up in more trouble than your hacker.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Decoys that encourage hackers to gain root access to the endpoint\u2014which can provide analysts with extremely valuable data\u2014can easily backfire if they accidentally allow the hacker into the network proper. Make sure you have the right configuration and that it is monitored for any loopholes.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I do hope you\u2019ll pardon this little touch of nerdiness as I explain the concept: In the world of role-playing game Dungeons and Dragons, there is a well-known monster known as the Mimic. 
The Mimic, at first glance, looks like an ordinary treasure chest\u2014much like one your adventuring party may have opened earlier that day. [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1464,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551],"tags":[95,145,112,86,212,21,57,22],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Cybersecurity Honeypot: What You Need to Know<\/title>\n<meta name=\"description\" content=\"Endpoint security, intrusion detection services (IDS), and SIEM solutions actually do have their own Mimic-like tool: the honeypot. \u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Cybersecurity Honeypot: What You Need to Know\" \/>\n<meta property=\"og:description\" content=\"Endpoint security, intrusion detection services (IDS), and SIEM solutions actually do have their own Mimic-like tool: the honeypot. 
\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-19T19:13:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-24T15:43:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/\",\"name\":\"The Cybersecurity Honeypot: What You Need to 
Know\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg\",\"datePublished\":\"2018-04-19T19:13:34+00:00\",\"dateModified\":\"2019-06-24T15:43:06+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Endpoint security, intrusion detection services (IDS), and SIEM solutions actually do have their own Mimic-like tool: the honeypot. \u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"honeypot SIEM solution 
cybersecurity\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Cybersecurity Honeypot: What You Need to Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. 
He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Cybersecurity Honeypot: What You Need to Know","description":"Endpoint security, intrusion detection services (IDS), and SIEM solutions actually do have their own Mimic-like tool: the honeypot. \u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/","og_locale":"en_US","og_type":"article","og_title":"The Cybersecurity Honeypot: What You Need to Know","og_description":"Endpoint security, intrusion detection services (IDS), and SIEM solutions actually do have their own Mimic-like tool: the honeypot. \u00a0","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2018-04-19T19:13:34+00:00","article_modified_time":"2019-06-24T15:43:06+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/","name":"The Cybersecurity Honeypot: What You Need to Know","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg","datePublished":"2018-04-19T19:13:34+00:00","dateModified":"2019-06-24T15:43:06+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Endpoint security, intrusion detection services (IDS), and SIEM solutions actually do have their own Mimic-like tool: the honeypot. 
\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/honeypot-mod.jpg","width":800,"height":400,"caption":"honeypot SIEM solution cybersecurity"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/cybersecurity-honeypot-need-know\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"The Cybersecurity Honeypot: What You Need to Know"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben 
Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1463"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1463"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/1464"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutio
nsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}