Virtualization

  • Fully functional decoys run real-world applications and services at near native performance
  • Each IQCortex blade can field as many as 10 decoys
  • Support for multiple operating systems, including:
    • Windows XP Pro
    • Windows Server 2003
    • Windows Vista
    • Red Hat Enterprise Linux
    • Novell SUSE Enterprise Linux
    • Ubuntu Linux
    • OpenSUSE Linux
    • Mandriva Linux
    • Solaris 10+
    • FreeBSD
    • OpenBSD

The Q5 baits attackers into defeating themselves by creating many fully functional honeypots on each iQCortex blade. The Q5’s NeuralOS accomplishes this feat by running entire decoy servers, including their hardware, as self-contained virtual machines that exist entirely in software. This process is known as virtualization.

Since multiple decoys can be run on a single blade, a fleet of Q5 appliances can cost-effectively mimic even large production environments. And because the Q5 supports a wide range of decoy operating systems, it’s also extremely versatile.

Decoys are overseen by a hypervisor, which resides in the Linux-based kernel of the Q5’s NeuralOS. The hypervisor functions as a layer of abstraction between the virtual machine decoys and the Q5’s hardware, assigning and managing each decoy’s physical memory address space, among other tasks. Extensions supporting virtualization on commodity hardware and support for these extensions in the Linux kernel (upon which our NeuralOS is based) allow the performance of these virtual machines to rival that of native systems.

The result of using virtualization is that the Q5 is able to generate a honeynet composed of decoys that are indistinguishable from production servers, making them unmatched tools of deception. Every level of engagement with one of the Q5’s decoys returns an authentic response.

Decoys are also able to run real-world applications and services, so intruders have no idea that they are interacting with an instrumented honeypot that is observing and adapting to their behavior. This makes the Q5 ideal for profiling vulnerabilities in your applications. And because Q5 honeypots encapsulate complete server environments, the quality of forensic data they generate in their interactions with intruders goes well beyond anything currently available to network security professionals.