How intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks

Active defence through deceptive IPS

Cover

Modern security mechanisms such as unified threat management (UTM), next-generation firewalls and security information and event management (SIEM) have become more sophisticated over recent years, promising advanced security features and immediate mitigation of the most advanced threats.

While this appears promising, in practice even this cutting-edge technology often fails to protect modern organisations as they are being targeted by attacks that were previously unknown to the security industry. Most security mechanisms are based on a database of previously known attack artefacts (signatures) and they will fail on slightly modified or new attacks.

The need for threat intelligence is in complete contrast with the way current security solutions are responding to the threats they identify, as they immediately block them without attempting to acquire any further information.

In this report, we present and evaluate a security mechanism that operates as an intrusion prevention system which uses honeypots to deceive an attacker, prevent a security breach and which allows the potential acquisition of intelligence on each intrusion attempt. 

Vendor:
ComputerWeekly.com
Posted:
05 Jun 2017
Published:
05 Jun 2017
Format:
PDF
Length:
8 Page(s)
Type:
Research Content
Language:
English

Download Your Research Content Now!