Honeypots: Turning the Tables on Hackers

Honeypots have become an increasingly common cybersecurity tool used in recent years. Like antivirus software and firewalls, they can protect businesses from malware infections, which could otherwise cripple a business’s information technology (IT) infrastructure. But honeypots are unique from other cybersecurity solutions in their method of operation. They don’t scan or monitor a business’s IT infrastructure for potential cyber threats. Rather, they use a bait-and-hook technique to lure in hackers.

The Basics of Honeypots and How They Work

While the term “honeypot” is most commonly associated with a pot that’s literally filled with the honey, when used in the context of computers and IT, it refers to a cybersecurity system that’s designed to attract hackers.

A honeypot may contain what appears to be sensitive data relating to a business. When a hacker accesses this data, the honeypot captures the hacker’s information, such as his or her Internet Protocol (IP) address. After a business identifies the IP address of a hacker, it can block the hacker’s IP address from accessing its IT infrastructure.

Of course, the data used in a honeypot isn’t sensitive, so it doesn’t matter if a hacker is able to access it. The purpose of placing the data in a honeypot is to attract hackers so that the system can capture more information about those individuals.

The 2 Types of Honeypots

There are two main types of honeypots: production and research. Production honeypots are installed and used on production servers. They are easy to set up and require minimal maintenance. However, production honeypots don’t capture as much information about hackers as research honeypots.

Research honeypots, on the other hand, are used by cybersecurity firms, government institutions and other organizations to research potential cyber threats facing businesses. They are more complex than production honeypots, and they are able to capture more information about hackers. The downside to research honeypots is that they are more difficult to set up and require greater time and energy to maintain.

What Is a Honey Net?

While some businesses use a single honeypot in their cybersecurity strategy, others use multiple honeypots. When two or more honeypots are used together, it’s called a honey net.

Most small businesses won’t need a honey net. Rather, a single honeypot will suffice. But for mid- and large-sized businesses, a honey net can prove useful in defending against cyber attacks. With multiple honeypots in place, mid- and large-sized businesses can lure in more hackers, allowing them to safeguard their IT infrastructure against attacks executed by those hackers.