I will be honest and admit that the first three minutes into the “Learning from Honeypots” session by Adli Wahid from APNIC Australia, I couldn’t get the image of Winnie the Pooh out of my head. And it is safe to say that Adli’s presentation had nothing to do with the cuddly yellow bear and his obsession with honey.
Nevertheless, it was an interesting session as Adli took me and the other participants on an enticing journey of learning. For the uninitiated, Fortinet describes honeypots as “decoy servers or systems that are deployed next to systems your organization actually uses for production. Honeypots are designed to look like attractive targets, and they get deployed to allow IT teams to monitor the system’s security responses and to redirect the attacker away from their intended target”.
Adli then went on to show data on some of the world’s biggest data breaches, and it is interesting to note that many victims are big names within the industry, such as Facebook, where at least 533,000,000 data records were recorded as lost.
Other affected brands include Canva, Experian Brazil, Microsoft, and OxyData, amongst others. The list shows the complexity of the topic: there is no one-size-fits-all solution or story that we can tell everyone on how to be more secure. It just has to be relevant, practical, and doable.
What Purpose Does a Honeypot Serve?
In his presentation, Adli also said that when one thinks of the overall state of security, one major problem is the understanding of it. On one hand, a lot of effort is taken to ensure everybody understands security, but the fear is that the message falls at either extreme of the spectrum: the issues are oversimplified or over-complicated, and people are left feeling clueless about what needs to be done. That could undermine implementation and eventually misrepresent the capabilities and resources needed to achieve sufficient security.
In a nutshell, honeypots can be summarised as having several advantages, such as their ability to break down the attacker kill chain, test the incident response processes, and be straightforward and low maintenance. Honeypots are also able to give users reliable intelligence about how threats are evolving. They deliver information about attack vectors, exploits, and malware – and in the case of email traps, about spammers and phishing attacks.
Good use of honeypots helps to eradicate blind spots, too; as such, their benefits far outweigh their disadvantages.
Follow us on ESPC2GO for updates and news on Cyber Security Asia 2021.