Examining Deception and Disruption Technology

Description: In this episode, we'll examine the technologies you can use to lure potential attackers, such as honeypots and honeynets.

What are deception and disruption technologies?

Deception and disruption technologies are the tools and techniques you can use to recognize and then divert an attacker within your network. Deceptions technologies enable defenders to identify a wide variety of attack methods without relying on known signatures or pattern matching.

There are several types of deception technologies, including:

• Honefiles

• Honeytokens

• Honeypots

• Honeynets

What are honeyfiles?

A file or document placed on a network as bait to attract attackers. Honeyfiles enable you to attract and detect unauthorized access or exfiltration attempts. You then can study this information to identify the techniques and potential intentions of bad actors without risking actual resources.

What are honeytokens?

A piece of fake or deliberately weak data placed within a system or network to act as a decoy. Honeytokens enable you to spot potential unauthorized activity or security breaches. You then can study this information to identify techniques and potential intentions without risking actual network assets.

What are honeypots?

A deceptive system or network designed to attract and trap potential attackers. Honeypots enable you to monitor the activities of bad actors or threat actors, and you then can study this information to identify techniques and potential intentions without risking actual network assets.

What are honeynets?

A network of honeypots designed to simulate a larger, more enticing target that enables you to lure and study attackers. Honeynets allow you to monitor and study the activities of bad actors and threat actors without risking actual network assets.