In the past few weeks, we have discussed what a honeypot is, along with examples of various types of honeypots. This week we will discuss the objectives of a honeypot. At a macro-level there are two different objectives: research or production.
Research honeypots are used to generally study malicious behavior on the Internet and to identify potential bad actors—often by IP address. As they study malicious behavior, they gather information about attack trends, malware strains, and vulnerabilities that are actively being targeted by bad actors. This information can in turn be used to inform preventative defenses, prioritize when to apply a patch, and generally provide guidance on which processes and procedures need to be fortified.
In contrast, production honeypots are focused on identifying active attacks and compromise on an organization’s internal network and tricking the bad actor(s) in to assuming he/she is attacking real computer infrastructure. Information gathering is still a priority, as honeypots give you additional
If you want to learn more about how Accolade Technology can help your business, please contact us at [email protected].