Honeypots are decoy systems designed to lure attackers, detect unauthorized access attempts, and alert security teams.
They are a great security solution, but they are not widely adopted in the SMB sector because they used to have a fundamental problem, one that we solved with our patent-pending technology.
The Interactivity Spectrum
Honeypots vary widely in terms of Interactivity and Security.
Let's take a step back and explain the terms.
Interactivity defines how realistic a Honeypot is and how effective it is at deceiving attackers. It can range from low interactivity to full interactivity:
- A low interaction honeypot is a fake service, for example an FTP server that just responds with `I am FTP version 1.2.3`. The catch is that it's very easy to spot and avoid.
- A medium interaction one is a real service, an actual FTP server that allows an attacker to fully interact.
- A fully interactive Honeypot is a real system: a machine that can be breached and explored inside, offering multiple options for the attackers to play with. It fully embraces the Deception goal, trying to keep the threat inside as long as possible.
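The low-interaction case from the list above, as an added example (not code from the original page or from the vendor's product): a decoy that sends an FTP-style banner, refuses every login, and emits one JSON alert record per connection. The banner text, port 2121 and the function names are assumptions made for illustration.

```python
import json
import socketserver
import time

# Constructed banner modelled on the page's "FTP version 1.2.3" example.
BANNER = "220 FTP server (Version 1.2.3) ready."

def new_session(peer):
    """Per-connection record that becomes the alert."""
    return {"peer": peer, "start": time.time(), "user": None,
            "attempts": [], "other": []}

def respond(line, session):
    """Return the canned reply for one client line and record what was tried."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "USER":
        session["user"] = arg
        return "331 Password required."
    if verb == "PASS":
        session["attempts"].append({"user": session["user"], "password": arg})
        return "530 Login incorrect."  # no login ever succeeds
    if verb == "QUIT":
        return "221 Goodbye."
    session["other"].append(verb)
    return "530 Please login with USER and PASS."

class Decoy(socketserver.StreamRequestHandler):
    timeout = 30  # drop idle connections

    def handle(self):
        session = new_session(self.client_address[0])
        try:
            self.wfile.write((BANNER + "\r\n").encode())
            for _ in range(20):  # cap commands per connection
                raw = self.rfile.readline(512)  # cap line length
                if not raw:
                    break
                reply = respond(raw.decode("latin-1"), session)
                self.wfile.write((reply + "\r\n").encode())
                if reply.startswith("221"):
                    break
        except OSError:
            pass  # timeout or reset: still emit the record below
        print(json.dumps(session), flush=True)  # one alert per connection

if __name__ == "__main__":
    # Port 2121 is an assumption so the decoy can run unprivileged.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2121), Decoy) as srv:
        srv.serve_forever()
```

No legitimate user has a reason to connect to a decoy, so every record it prints can be forwarded to alerting as-is.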
It's clear that the higher the interactivity, the better, but there's a catch: Security.
The Security issue
Hackers, by definition, don't play by the rules. The more room a hacker has, the more they can do.
A fully interactive Honeypot can be completely exploited ("rooted", in the slang), and this can be leveraged against other systems. For example, with admin privileges an attacker is able to craft network packets, and this opens a wide array of nasty attacks, like Man-in-the-Middle.
Until now, security in honeypots has been inversely proportional to interactivity.
Therefore, if an organization decides to deploy fully interactive Honeypots, it has to closely monitor them and be ready to "pull the plug" at a moment's notice. This in part defeats the proposition of being an affordable security solution.
Our Patent-Pending Solution
It is well known that most innovations are not major breakthroughs, but intelligent reframings that solve problems from a different perspective.
Our honeypots are fully interactive: they don't even try to prevent intruders from getting root, they encourage it. Yet they are fully secure, really.
How? It's simple: they are not in your network, they are in our cloud.
We deploy a small appliance that creates a one-way, encrypted tunnel to a cloud Honeypot. It blindly forwards any traffic that reaches it at Layer 3 while strictly blocking anything that comes back.
The fact that it doesn't process or inspect packets itself but simply lets them through makes it virtually unexploitable. Think of it as an invisible funnel.
From the attacker's perspective, the actual Honeypot appears to be in your network, but it's not: it's safe and fully isolated.
Zero Trust design
The appliance is created from the ground up with a strict Zero Trust design. It is proactive towards our infrastructure and initiates all operations independently; it is self-healing.
It rejects all connections to it, but not through it. This means not even our team has access, and this is important for our paranoid security model.
Any application that receives updates from the developer can be exploited and used as a Trojan horse if an employee goes rogue or the supplier is compromised, even a simple note-taking app. Not ours, because it's so simple and solid we don't need to update it. And if we ever do, we'll ship another SD Card with the new code inside at our expense.
This will most likely be the single, most secure piece of technology in your whole infrastructure.
You can also request the source code running in the appliance or read the SD Card yourself to audit it.
Zero Trust is Zero Trust: we understand it and we encourage it.
Feature Rich and Customer Friendly
Our honeypots are not only secure and fully interactive, they are also feature rich and customer friendly.