Honeypot
What is a honeypot?
Honeypot: A decoy system or service deliberately exposed to attract attackers, observe their techniques, and divert them from production assets.
A honeypot is a deception asset that mimics a real server, application, or piece of data so that any interaction with it is, by definition, suspicious. Low-interaction honeypots emulate a limited set of services to detect scanning and commodity malware, while high-interaction honeypots run full operating systems to capture advanced tradecraft. Defenders use the captured telemetry to derive indicators of compromise, study TTPs, and feed detection engineering. Honeypots must be isolated from production networks to prevent them from becoming pivot points, and their findings are typically forwarded to a SIEM or threat-intelligence platform.
● Examples
- A vulnerable-looking SSH server on the internet that logs every credential an attacker tries.
- A fake database in the DMZ that triggers an alert on any query.
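A low-interaction decoy in the spirit of the first example, added here as an illustration and not taken from any honeypot project: it presents an SSH-style banner, records the first bytes a client sends, and emits one JSON event per contact for forwarding to a SIEM. It logs contact only, not credentials (that would require speaking real SSH); the banner string, sensor name, port 2222 and event fields are assumptions.

```python
import json
import socket
import time

BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"   # constructed banner; the decoy never speaks real SSH
MAX_CAPTURE = 256                      # cap on bytes kept per connection


def handle_connection(conn, peer, sink):
    """Greet one client, record its first bytes, emit an alert event, close."""
    conn.settimeout(5.0)
    data = b""
    try:
        conn.sendall(BANNER)
        data = conn.recv(MAX_CAPTURE)
    except OSError:                    # timeout or reset: the contact is still an alert
        pass
    finally:
        conn.close()
    event = {
        "ts": time.time(),
        "sensor": "decoy-ssh",         # hypothetical sensor name
        "src_ip": peer[0],
        "src_port": peer[1],
        "first_bytes_hex": data.hex(),
        "severity": "high",            # no legitimate client should ever connect
    }
    sink(json.dumps(event))            # one JSON line per contact, ready for a log shipper
    return event


def serve(host="127.0.0.1", port=2222, sink=print):
    """Accept loop. Host and port are assumptions; run only on an isolated segment."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            handle_connection(conn, peer, sink)


if __name__ == "__main__":
    serve()
```

Because every contact is treated as an alert, the handler emits an event even when the client sends nothing or resets the connection.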
● Frequently asked questions
What is a honeypot?
A decoy system or service deliberately exposed to attract attackers, observe their techniques, and divert them from production assets. It belongs to the Network Security category of cybersecurity.
How do you defend against Honeypot?
Defences for Honeypot typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Honeypot?
Common alternative names include: Decoy system, Deception host.