Last week we talked about different sources for malicious IP lists. But how do those organizations and companies build the lists and know that the IP addresses are malicious? Well, this is where the concept of honeypots comes in. And no this has nothing literally to do with the sweet tasting food that bears are famously attracted to. Although that is the metaphor that defines a security or computer honeypot.

Simply put, a honeypot is a trap that is deliberately set by investigators to lure malicious software (malware) into interaction so that the specific malware can be identified and analyzed. Honeypots are often very sophisticated, depending upon the type of malware that is being chased, but conceptually it is easier to understand with a simple example. Imagine you set up a laptop as a honeypot and simply click on each suspicious link you can find to deliberately get your laptop infected. To be most effective you may have to scour dark parts of the Internet where nefarious activity often originates but ultimately your goal is to get as infected as possible with malware. You would then monitor activity on and from your laptop and meticulously track the IP addresses and related data of each interaction to build a profile of the malware. Congratulations, you have now just gotten into the honeypot business!    

If you want to learn more about how Accolade Technology can help your business, please contact us at [email protected].