Digital traps, or honeypots, are often used by security researchers to detect and analyze cyber threats. However, according to the European Network and Information Security Agency (ENISA), their usage among Computer Emergency Response Teams (CERTs) is not as widespread as it should be.
In a previous report, entitled “Proactive Detection of Network Security Incidents,” ENISA detailed the benefits of using honeypots to detect and investigate attacks. Despite the efficiency of honeypots, certain CERTs haven’t deployed them.
That’s why the new study examines 30 honeypots to offer insight into which technologies and solutions should be utilized. The report also looks at critical issues organizations are confronted with and practical deployment strategies.
CERTs can learn everything they need to know, from basic concepts to sandbox technologies and online honeypots.
“Honeypots offer a powerful tool for CERTs to gather threat intelligence without any impact on the production infrastructure,” Executive Director of ENISA Professor Udo Helmbrecht explained.
“Correctly deployed, honeypots offer considerable benefits for CERTs; malicious activity in a CERT’s constituency can be tracked to provide early warning of malware infections, new exploits, vulnerabilities and malware behaviour, as well as give an opportunity to learn about attacker tactics,” he added.
“Therefore, if the CERTs in Europe recognise honeypots better as a tasty option, they could better defend their constituencies’ assets.”
In recent years, honeypots have been successfully utilized on a number of occasions. These digital traps are designed to mimic a real service, application or system in an attempt to lure potential cyberattackers.
When an entity connects to a honeypot, it’s automatically considered to be suspicious and its every move is closely monitored in an attempt to detect malicious activity.
The complete “Proactive Detection of Security Incidents: Honeypots” report is available here.