Catching menaces is tricky business, especially in today’s threat landscape. To address this problem, for many years sybersecurity researchers have been using honeypots– a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kaspersky’s Global Research and Analysis Team and head of Kaspersky’s honeypot project, explains what honeypots are, why they are recommended for dealing with external menaces, and how you can set up your own simple SSH-honeypot. This post offers a condensed version of his presentation alongside the video, which you can opinion below.
What are honeypots?
A honeypot is a special piece of software that imitates a vulnerable device. Those devices can be from a wide variety of types, such as smart light bulbs, home security DVRs, fridges, microwaves, etc. Deployed publicly on the Internet, honeypots mimick real devices, and, in essence, part like traps for the attackers targeting such devices. Sometimes honeypots likewise allow defenders to attract and recognize new, previously unknown assaults and exploits.
Who needs to set up honeypots? Why?
To protect an organization and its network, the IT security department usually deploys a variety of protection mechanisms, such as EDR, firewall rules or security policies. Nonetheless, from its own experience, these mechanisms might not be enough. Even before they shifted to remote study, organisations had utilized many vulnerable machines exposed to the Internet that they did not know about. With the switching to remote operate, the number of remote stations has increased, and so has the number of exposed network devices, inducing corporate networks even more vulnerable. Honeypots help strengthening corporate defense system- being planted in key parts of the network they serve as decoys to register external assaults, and capture the threats that were used. This renders an opportunity to further analyze an attack against an organization and learn how to fend it off.
What is Kaspersky’s honeypot project and how can organizations participate?
Honeypot systems require high visibility: the higher- the very best, as that helps to cover a wider attack surface. That’s why it is important to collaborate with ISPs, security services dealers or research groups on the Internet to detect new strikes. Kaspersky is continuously improves and strengthens its partnerships with various research groups and ISPs around the world to enhance detection abilities. Kaspersky offers Honeypots-as-a-Service: we offer the entire infrastructure, our partners simply needing to set up and deploy honeypot nodes in their networks. These are connected together and to our honeypot infrastructure. Kaspersky monitors them, analyzes, and aggregates the data, identifies the attacks, and offers its partners statistics( such as most common usernames and passwords use, attacker IPs, types of assaults, etc .), as well as any other artefacts that might be of interest to them. To join Kaspersky’s honeypot project, email to honeypots @kaspersky. com.
To learn how to set up an SSH-honeypot to deal with attackers who are seeking to bruteforce your logins and passwords, keep watching the full video with Dan Demeter, where he answers basic questions about honeypots.