The world’s largest cybersecurity event, the RSA Conference, took place in San Francisco in April and played host to some of the world’s leading cybersecurity professionals as they shared their expertise, innovations in cybersecurity, and best practices.
This author covered some of the issues that were discussed at the conference in an earlier article. But, of course, the conference also offered some innovative solutions to cybersecurity problems.
One of the strategies offered to protect business data was building honeypots.
What Are Honeypots?
Honeypots are a security strategy where the actual target is hidden behind a fake target, which is a virtual trap that collects information about the attack. Such a system is useful for detecting, deflecting, or studying attacks.
When a cyber attacker attempts to access a network or resource, they hit the fake system. This system can then alert system administrators of the attack. It may also collect valuable information about the tactics, techniques, and procedures (TTPs) of the attacker.
This strategy is a form of proactive defence against digital threats, which can be used to ‘target the targeter’.
So, Why Aren’t Honeypots More Popular?
The problem with honeypots is that they need to look convincing in order to fool threat actors. They have to look more attractive than the real system, so the attack comes towards them instead.
Unfortunately, the fact that they have to seem legitimate makes them difficult to set up and even harder to maintain.
Also, modern systems rely heavily on a complex software chain made up of third-party tools, APIs, and libraries. These come from different vendors and sources. Because they are controlled by external companies, they are a challenge to account for when designing a honeypot.
If implementing this strategy is so challenging, how can one use it effectively in today’s cyber environment?
The answer might be in honeytokens.
What Are Honeytokens?
Where honeypots are fake systems, designed to mimic the real network, honeytokens are fake bits of information that mimic credentials or secrets.
As with honeypots, an attack on a honeytoken immediately triggers an alert.
That alert, in itself, can be a useful tool to have, since a data breach takes an average of 327 days to detect. That is more than enough time to steal important information and cause a lot of damage.
With a honeytoken alert, the company can be alerted as the attack is happening.
However, honeytokens can help with more than that. Since they alert administrators whilst an attack is underway, it is possible to take action based on the indicator of compromise.
That, in turn, allows defenders to find out whether the attack originated internally or externally, along with other useful information based on the action taken upon the honeytoken.
Plus, since they replicate small bits of information, they are easier to create and deploy.
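The alerting behaviour described above, as an added Python example that is not part of the original article: it plants a decoy API key, scans access-log lines for any use of it, and labels each hit as internal or external in origin. The log format, the `hk_` key prefix, the internal address ranges and all function names are assumptions made for illustration.

```python
import ipaddress
import re
import secrets

# Assumption: the organisation's internal address ranges (RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log format: "<timestamp> <source-ip> <api-key> <request-path>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def make_honeytoken(label):
    """Create a decoy API key that is never issued to a real service."""
    return {"label": label, "value": "hk_" + secrets.token_hex(16)}

def classify_origin(ip_text):
    """Return 'internal', 'external', or 'unknown' for an unparsable address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unknown"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def scan(lines, tokens):
    """Return one alert for every log line that presents a planted honeytoken."""
    planted = {t["value"]: t["label"] for t in tokens}
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of stopping the monitor
        ts, src, key, path = m.groups()
        if key in planted:  # no legitimate client holds a decoy, so any use alerts
            alerts.append({"time": ts, "token": planted[key], "source": src,
                           "origin": classify_origin(src), "path": path})
    return alerts

if __name__ == "__main__":
    decoy = make_honeytoken("backup-script-config")
    sample_log = [  # constructed sample lines, not real traffic
        "2024-05-01T09:00:00Z 10.0.4.12 live_key_for_billing /v1/invoices",
        f"2024-05-01T09:02:11Z 203.0.113.7 {decoy['value']} /v1/export",
        f"2024-05-01T09:05:40Z 10.0.9.30 {decoy['value']} /v1/users",
    ]
    for alert in scan(sample_log, [decoy]):
        print(alert)
```

The label attached to each token records where the decoy was planted, so an alert also indicates which file or system the attacker had already reached.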
Making Cybersecurity Proactive
When it comes to protecting one’s data from threat actors, it is important to be proactive rather than reactive.
Cyber threats continue to evolve, with threat actors using Artificial Intelligence (AI) to design more sophisticated attacks.
At the same time, cybersecurity professionals are using the same technology to design better methods of detecting threats.
As such, honeytokens can be a useful part of one’s defensive arsenal, which also needs to include internal and external penetration testing conducted by a reliable company, like DigitalXRAID.
Whilst the latter can be useful in identifying and patching security weaknesses, honeytokens can be extremely useful in quicker detection and response during a cyber attack. That, in turn, can drastically reduce the impact of the attack.