Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks – The word “honeypot” has a specific connotation. Within the world of cybersecurity, it generally refers to a trap set for an attacker, designed to lure them into revealing their intent to attack the network. Unfortunately, it’s a word that also sounds outdated or could be viewed as complex with a high grief to reward ratio. However, this technology has come a long way since the early days of the honeypot in the 1990s. The ongoing cat-and-mouse game between attackers and defenders necessitates constant evolution and improvement, which means that the concepts behind honeypot technology are limited in value and will never have broad appeal – or so one might think!
Bad actors have always had the edge in cybersecurity. After all, the good guys have to secure everything, while the bad guys need find only one vulnerability. Given the appalling number of breaches over the years, it’s clear that the established crop of cybersecurity products isn’t up to the task of changing this equation and putting the good guys on top. When I attended this year’s RSA Conference, therefore, I looked for those exceptionally disruptive technologies that promise to turn the tide. Here are my top picks…
Militaries have been using deception for millennia. Cybercriminals use it every day. But cybersecurity vendors are fighting back. Robert Scammell talks to Attivo Networks CTO Tony Cole to find out how military-inspired traps are snaring cyber threats before they get a chance to attack. During World War II, a ghost army fooled Adolf Hitler. A travelling roadshow of inflatable tanks, cannons and airplanes, largely manned by actors and artists, impersonated the Allied Army near the front line. Doing this drew attention away from the US troops, spreading the German forces thin and giving the Allies a tactical advantage.
Written by: Nick Palmer, Technical Director, Europe – Honeypot. I always liked the term. Hailing right back to the comfort of my early childhood and images of Winnie the Pooh diving into one face first, then tracking to my first exposure to Lance Spitzner’s excellent book in 2002. It’s a descriptive and easily assimilable term, and for the uninitiated it’s also a really straightforward way to convey a competence that is still nascent in security circles.