A honeypot is a trap system designed to lure hackers into exposing their hacking techniques. A honeypot is often set up in a VM or cloud server that’s connected to the network, but isolated and strictly monitored by systems and security teams. The system is configured to appear legitimate, running processes and containing seemingly important dummy files and folders. It also has weaknesses that the attacker will look for and attempt to exploit, such as unnecessary open ports, old software versions, weak passwords and more. The attacker will attempt to gain full control of the machine in order to exfiltrate data or steal credentials to access other sensitive systems.
Many different honeypot configurations exist, but they all have one thing in common – they look like real data and potential pathways to sensitive data. This can take the form of servers, but it can also be folders in SharePoint that contain fake data and conversations or even a Microsoft Teams channel with fake data and messages. The point is to draw attention, so any type of system that looks like a pathway to critical data will do the trick.
While some attackers will fall for a honeypot because of simple curiosity, other attackers who know what they’re doing will notice the telltale signs and be aware that they’re being targeted. They can then adjust their attack strategies accordingly. Detecting when a honeypot is accessed is crucial for alerting your Incident Response team to investigate and stop attackers from exfiltrating real data.
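One way to turn "any activity on the honeypot" into an alert, as an added example that is not from the original article and is not Varonis code: it scans file-audit records for access to a decoy folder and groups the hits by user and source address. The log format, folder path, account names and addresses are constructed assumptions.

```python
import csv
import posixpath
from datetime import datetime

# Constructed audit records (assumed format): timestamp,user,source_ip,action,path
SAMPLE_LOG = r"""
2024-05-01T09:14:02,svc_backup,10.0.0.5,read,\\fs01\Finance\Payroll_Archive\2023.xlsx
2024-05-01T23:41:10,jdoe,10.0.8.77,list,\\fs01\Finance\Payroll_Archive
2024-05-01T23:41:19,jdoe,10.0.8.77,read,\\FS01\finance\Reports\..\Payroll_Archive\2023.xlsx
2024-05-01T23:42:03,asmith,10.0.3.12,read,\\fs01\Finance\Payroll_Archive2\notes.txt
this line is truncated
2024-05-01T23:44:50,jdoe,10.0.8.77,copy,\\fs01\Finance\Payroll_Archive\bonus.csv
"""

DECOYS = [r"\\fs01\Finance\Payroll_Archive"]  # hypothetical honeypot folder
ALLOWLIST = {"svc_backup"}                     # hypothetical account expected to touch it

def norm(path):
    """Fold case, separators and '..' so every spelling of a decoy path matches."""
    return posixpath.normpath(path.replace("\\", "/")).lower().lstrip("/")

def honeypot_alerts(log_text, decoys=DECOYS, allowlist=ALLOWLIST):
    """Return one alert per (user, source_ip) that touched a decoy path."""
    roots = [norm(d) for d in decoys]
    alerts = {}
    for row in csv.reader(log_text.strip().splitlines()):
        if len(row) != 5:
            continue  # skip malformed records instead of failing the whole run
        ts, user, src, action, path = row
        if user in allowlist:
            continue  # expected traffic such as backup jobs; review this list often
        p = norm(path)
        # Match the folder itself or anything below it, not sibling names.
        if not any(p == r or p.startswith(r + "/") for r in roots):
            continue
        when = datetime.fromisoformat(ts)
        a = alerts.setdefault((user, src), {
            "user": user, "source_ip": src, "first_seen": when,
            "last_seen": when, "events": 0, "actions": set()})
        a["first_seen"] = min(a["first_seen"], when)
        a["last_seen"] = max(a["last_seen"], when)
        a["events"] += 1
        a["actions"].add(action)
    return sorted(alerts.values(), key=lambda a: a["first_seen"])

if __name__ == "__main__":
    for alert in honeypot_alerts(SAMPLE_LOG):
        print(alert)
```

On the sample data this yields a single alert for `jdoe` covering three events; the sibling folder `Payroll_Archive2` and the allowlisted backup account do not fire.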
Detecting when a honeypot is being accessed is easy with Varonis DatAlert. Using Varonis’ robust audit data and forensics capabilities, DatAlert can trigger custom real-time alerts whenever there’s activity on your honeypot. This will give your Incident Response team the heads-up to investigate the alert and stop the threat before it can spread across your core network.
Varonis can also identify the cause of the alert and the attacker’s location, giving your Incident Response team a complete picture of what’s happening in your environment. For example, if someone has a high-risk token rating, we can see where they’re coming from, how long they’ve been on your network and what they’ve been doing in the past. Get your honeypot check right now!
This information will allow you to understand what the threat actor is looking for in your environment and how they’re getting into it. It will also help you develop better countermeasures and a proactive strategy to keep your company safe. To learn more about how you can use Varonis to protect your business, contact us today. We’d be happy to show you a demo and answer any questions that you may have. Sign up for a free trial and get started on your risk assessment with our team of cybersecurity experts. It only takes minutes! No credit card required.