Definition of Honeypots
A cybersecurity honeypot is a computer system designed to attract cyber attackers so that security researchers can see how they operate and what they might be after. The honeypot is usually isolated from organizations’ main production environments, serving as bait to lure attackers into engaging with it without endangering the organization’s data.
History of Honeypots
Honeypots are a well-established tool in many organizations’ cybersecurity arsenal. But advancements on the basic technology has led to an emerging area of cybersecurity known as “deception technology,” that involves traps and decoys that are strategically placed around—and sometimes within—key systems. Once an attacker has penetrated a honeypot, these decoy systems observe, track and sometimes counterattack to attack them.1 Gartner Research identified deception technology as an “emerging technology” in 2016 that is becoming “market-viable.”2
Security & Deception Technologies
While honeypot technology and other security deception solutions can be effective at spotting an intruder and blocking any further damage they may cause, there are several steps companies need to go through before greenlighting the adoption of a “distributed deception platform (DDP),” said Gartner Research Vice President Augusto Barros.3
It’s important for an enterprise to decide, for example, when to invest in a DDP instead of in another security technology, Barros said. They also need to ask themselves whether it makes sense to divert resources to deception technology from other security initiatives. It’s also clear that an organization shouldn’t, for example, start deploying a DDP before doing a decent job of vulnerability assessment.
Future of Honeypot Technologies
While several companies have developed products to build deception technology, including honeypot, researchers at the University of Texas at Dallas have been researching where deception technology is going next. UT Dallas has developed the DeepDig (DEcEPtion DIGging) technique that plants traps and decoys onto real systems before applying machine learning techniques to gain a deeper understanding of a malware attackers’ behavior. The technique is designed to use cyber attacks as free sources of live training data for machine learning-based intrusion detection systems (IDS). These decoy systems are designed to act as a honeypot so that once an attacker has penetrated a network, security teams won’t just be notified but can fight back.4
- John Leyden, The Daily Swig “AI-powered honeypots: Machine learning may help improve intrusion detection.” March 2020.
- Lawrence Pingree, Gartner “Deception-related technology – it’s not just ‘nice to have’, it’s a new strategy of defense.” September 2016.
- Varun Haran, BankInfoSecurity.com “Deception Technology in 2020.” March 2020.
- Augusto Barros Gartner Research “New Research: Deception Technologies,” September 2016.