One of the most effective applications of honeynets involves setting up an entirely separate network of Q5 appliances to attract and study enemies in a contrived context. By deploying what appears to be an enormous production network littered with targets to explore, customers can gather real-time attack information for profiling applications, gathering intelligence, and building signature libraries for their existing fleet of production intrusion detection and protection systems.
Falsified or low-value data (“honey tokens”) can be loaded onto honeynet decoys to identify and track attackers. Since the decoy network is composed of fully functional operating systems, applications can also be installed as honey tokens and profiled for vulnerabilities. Honeynets can also be set up to conduct long-term strategic research and intelligence gathering. Unlike conventional systems, our approach shifts surveillance outside of the guest decoys, making the long-term success of their deception much more likely, thereby significantly enhancing their value.
The Q5’s agility allows organizations to get highly actionable data on who is attacking, how they are staging their attacks, and what kind of information they are after. This knowledge confers insight into attack motivations and provides the means for tuning the honeynet and its honey tokens in order to encourage further interaction.
This design is most effective when deployed in addition to the Trap Door and Shell Game, which are best positioned to draw attacks away from production systems.
