Honey pots – decoy devices or systems designed to look like commercially sensitive data repositories or network elements – can improve detection of cybersecurity breaches, says telecommunications service provider Saicom Voice Services chief technology officer Greg de Chasteauneuf.

Cyberattackers are often present for lengthy periods on networks that they have infiltrated before carrying out an attack. During this time, they explore the compromised network, often relatively freely, to identify potentially commercially sensitive information or vulnerable systems.

Identifying such information or systems is then followed by developing ways to monetise the illegal access, either by sending sensitive information out of the network, which attackers can then use to commit fraud, or deploying ransomware used to prevent the company from accessing the data, after which companies receive a ransom demand to unlock access.

The concept of perimeter security is fading, as the porosity of a network – the sheer number of ways to access a network and different devices and systems linked to a network – means that detection and mitigation are becoming increasingly important aspects of cybersecurity, says De Chasteauneuf.

Saicom Voice Services has partnered with Thinkst Canary to offer a fully managed honey pot service. The devices are simple and easy to use and can be set up in five minutes to protect a client’s network.

“Small, smart devices scattered across the network act as decoys. They are designed to look like commercially sensitive information or systems, such as a router, Windows server or salary statements, and are filled with fictitious files in the expected format, such as .ptp files for salary statements. The device can be configured to make them look as genuine as possible.

Since there is no official traffic to these devices – and they are usually managed by the security team rather than the business administration staff – any attempt to attack or access the decoy files or services on the devices alerts the security team. The team can then investigate the alert, remove the malicious software or false users from the network and mitigate any risks to the network, he explains.

“The smart devices we use for these honey pots are inexpensive and can be distributed to branches and multiple virtual local area networks. Even the devices’ Mac address – the physical network interface identification numbers – can be changed to look like any manufacturer’s device, whether a router, switch, file server or even a desktop device,” De Chasteauneuf explains.

Using honey pots does not prevent breaches, but it does help a company to reduce the number of attacks and improve its security posture. Saicom Voice Services’ managed honey pot service improves detection and, through its team of skilled security experts, will also aid forensic investigations to determine whether the threat was external or in-house, and whether in-house devices or systems have been attacked or compromised, he concludes.