Honeypots are a common tool used by cybersecurity professionals. Consisting of data that looks sensitive and valuable but really isn’t, they are used to lure hackers. A hacker may discover the honeypot on a business’s network, after which he or she may attempt to retrieve it. While doing so, the hacker will inadvertently provide the business with information about his or her digital footprint, allowing the business to take appropriate cybersecurity measures to protect against real attacks in the future.

While all honeypots are used to safely lure hackers with fake data, there are two primary types: production and research. So, what’s the difference between a production honeypot and a research honeypot?

What Is a Production Honeypot?

The most common type, a production honeypot is a type of honeypot that’s used to collect cybersecurity-related information within a business’s or organization’s production network. Once deployed, the production honeypot will wait for an attack. If an attack occurs, it may collect data such as originating Internet Protocol (IP) addresses, traffic frequency and volume, directories accessories and more.

Production honeypots are popular among businesses because they are easy to use while revealing essential information about cyber threats and vulnerabilities facing their networks. With that said, production honeypots generally don’t reveal as much information as their research counterparts.

What Is a Research Honeypot?

A research honeypot, on the other hand, is a type of honeypot that’s used to collect information about the specific methods and tactics hackers use. Like production honeypots, they consist of fake data that looks sensitive and valuable to hackers. Research honeypots also collect information about attacks and vulnerabilities.

Research honeypots typically aren’t used by businesses. Rather, they are used by government and research organizations. That’s essentially how they differ from production honeypots. While production honeypots are used within a business’s network, research honeypots are deployed elsewhere — typically on multiple networks or locations.

Research honeypots are also more complex than production honeypots. As a result, they require more work to deploy. Because of their complexity, though, research honeypots provide more information about attacks and vulnerabilities.

Other Types of Honeypots

While most honeypots can be classified as either production or honeypot, there are other subtypes of honeypots. Low-interaction honeypots, for instance, require very few resources to run. High-interaction honeypots, conversely, require a greater amount of resources to run. There are also pure honeypots that operate as standalone software. They don’t require any other apps or software. Instead, pure honeypots can run on their own.