‘Winnie-the-Pooh’ tactics to trap cyber criminals

Editor’s Note: The European Network and Information Security Agency (ENISA) study “Proactive Detection of Security Incidents — Honeypots” is attached here.

From: Info4 Security

By Rob Ratcliff

The European Network and Information Security Agency (ENISA) is launching an in-depth study of 30 digital ‘honeypots’ designed to proactively detect cyber attacks.

The EU’s cyber security agency believes that the increasing number of complex cyber attacks requires better early warning detection capabilities.

Honeypots are traps designed with the sole task of luring in attackers by mimicking a real computer server or application. Any identity that connects to a honeypot is immediately deemed suspicious and all activity by the identity is monitored to detect a malicious attack.

ENISA recently recognised in a report – Proactive Detection of Network Security Incidents – that honeypots were not widely used, despite a recognition that they are extremely effective at detecting malicious behaviour from hackers.

ENISA has said that the difficulty of usage, poor documentation, lack of software stability and developer support and little standardisation were among the reasons why honeypots were not more widely used by computer emergency response teams (CERTs).

ENISA executive director, Professor Udo Helmbrecht, said: “Honeypots offer a powerful tool for CERTs to gather threat intelligence without any impact on the production infrastructure.

“Correctly deployed, honeypots offer considerable benefits for CERTs; malicious activity in a CERT’s constituency can be tracked to provide early warning of malware infections, new exploits, vulnerabilities and malware behaviour, as well as give an opportunity to learn about attacker tactics.

“Therefore, if the CERTs in Europe recognise honeypots better as a tasty option, they could better defend their constituencies’ assets.”

ENISA has published a full breakdown of the 30 honeypot systems it tested, rating them in a variety of areas, including:

  • Detection scope
  • Quality of collected data
  • Scalability and performance
  • Reliability
  • Cost
