Honey pots can help to mitigate cybersecurity breaches
GREG DE CHASTEAUNEUF Any attempt to attack the decoy devices or access decoy files or services alerts the security team and aids forensic investigations to determine whether the threat was external or in-house
Honey pots – decoy devices or systems designed to look like commercially sensitive data repositories or network elements – can improve detection of cybersecurity breaches, says telecommunications service provider Saicom Voice Services chief technology officer Greg de Chasteauneuf.
Cyberattackers are often present for lengthy periods on networks that they have infiltrated before carrying out an attack. During this time, they explore the compromised network, often relatively freely, to identify potentially commercially sensitive information or vulnerable systems.
Identifying such information or systems is then followed by developing ways to monetise the illegal access, either by sending sensitive information out of the network, which attackers can then use to commit fraud, or deploying ransomware used to prevent the company from accessing the data, after which companies receive a ransom demand to unlock access.
The concept of perimeter security is fading, as the porosity of a network – the sheer number of ways to access a network and different devices and systems linked to a network – means that detection and mitigation are becoming increasingly important aspects of cybersecurity, says De Chasteauneuf.
Saicom Voice Services has partnered with Thinkst Canary to offer a fully managed honey pot service. The devices are simple and easy to use and can be set up in five minutes to protect a client’s network.
“Small, smart devices scattered across the network act as decoys. They are designed to look like commercially sensitive information or systems, such as a router, Windows server or salary statements, and are filled with fictitious files in the expected format, such as .ptp files for salary statements. The device can be configured to make them look as genuine as possible.
Since there is no official traffic to these devices – and they are usually managed by the security team rather than the business administration staff – any attempt to attack or access the decoy files or services on the devices alerts the security team. The team can then investigate the alert, remove the malicious software or false users from the network and mitigate any risks to the network, he explains.
“The smart devices we use for these honey pots are inexpensive and can be distributed to branches and multiple virtual local area networks. Even the devices’ Mac address – the physical network interface identification numbers – can be changed to look like any manufacturer’s device, whether a router, switch, file server or even a desktop device,” De Chasteauneuf explains.
Using honey pots does not prevent breaches, but it does help a company to reduce the number of attacks and improve its security posture. Saicom Voice Services’ managed honey pot service improves detection and, through its team of skilled security experts, will also aid forensic investigations to determine whether the threat was external or in-house, and whether in-house devices or systems have been attacked or compromised, he concludes.
Comments
Press Office
Announcements
What's On
Subscribe to improve your user experience...
Option 1 (equivalent of R125 a month):
Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format
Option 2 (equivalent of R375 a month):
All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors
including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.
Already a subscriber?
Forgotten your password?
Receive weekly copy of Creamer Media's Engineering News & Mining Weekly magazine (print copy for those in South Africa and e-magazine for those outside of South Africa)
➕
Recieve daily email newsletters
➕
Access to full search results
➕
Access archive of magazine back copies
➕
Access to Projects in Progress
➕
Access to ONE Research Report of your choice in PDF format
RESEARCH CHANNEL AFRICA
R4500 (equivalent of R375 a month)
SUBSCRIBEAll benefits from Option 1
➕
Access to Creamer Media's Research Channel Africa for ALL Research Reports on various industrial and mining sectors, in PDF format, including on:
Electricity
➕
Water
➕
Energy Transition
➕
Hydrogen
➕
Roads, Rail and Ports
➕
Coal
➕
Gold
➕
Platinum
➕
Battery Metals
➕
etc.
Receive all benefits from Option 1 or Option 2 delivered to numerous people at your company
➕
Multiple User names and Passwords for simultaneous log-ins
➕
Intranet integration access to all in your organisation