Decoy Network Resource
Definition
Deploying a network resource for the purposes of deceiving an adversary.
How it works
Decoy network resources are deployed to web application servers, network file shares, or other network-based sharing services.
A "honeypot" may serve a variety of decoy network resources.
Considerations
- Developing a deployment and placement strategy for the decoy network resource.
- Personnel responsible for creation of decoy networks should consider the potential for resource exhaustion through denial of service attacks.
Examples
- Honeypots are typically used to mimic a known system with fake vulnerabilities. This may attract attackers to the honeypot.
- Decoy accounts are also used to scan for attempted logins. The decoy accounts can provide security analysts with the attacker's potential intents and strategies.
- Tarpits are used to monitor unallocated IP space for unauthorized network activity.
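The decoy-account and unallocated-IP-space examples above share one detection property: no legitimate user has a reason to touch either, so any contact is worth an alert. The sketch below is an added example, not part of the D3FEND article; the account names, address ranges and event format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not from the article: decoy names, dark ranges, event format.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_finance"}
DARK_NETS = [ipaddress.ip_network("10.20.128.0/17"),
             ipaddress.ip_network("10.99.0.0/16")]

# Constructed sample events: "timestamp kind source target detail"
SAMPLE_EVENTS = """\
2024-05-01T10:00:01Z auth 10.20.1.15 jsmith success
2024-05-01T10:00:07Z auth 10.20.1.77 svc_backup_old failure
2024-05-01T10:00:09Z flow 10.20.1.77 10.20.130.4 tcp/445
2024-05-01T10:00:12Z flow 10.20.1.15 10.20.2.10 tcp/443
2024-05-01T10:00:20Z auth 10.20.1.77 adm_finance success
malformed line
2024-05-01T10:00:31Z flow 10.20.3.9 10.99.4.4 tcp/22
"""

def classify(line):
    """Return (reason, src, target) if the event touched a decoy, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip records that do not match the expected layout
    _ts, kind, src, target, _detail = parts
    # Any use of a decoy account is a signal, whether the login failed or not.
    if kind == "auth" and target.lower() in DECOY_ACCOUNTS:
        return ("decoy-account", src, target)
    if kind == "flow":
        try:
            dst = ipaddress.ip_address(target)
        except ValueError:
            return None
        if any(dst in net for net in DARK_NETS):
            return ("dark-space", src, target)
    return None

def decoy_hits(text):
    """Group hits by source so an analyst sees each host's full decoy footprint."""
    hits = {}
    for line in text.splitlines():
        result = classify(line)
        if result:
            reason, src, target = result
            hits.setdefault(src, []).append((reason, target))
    return hits

if __name__ == "__main__":
    for src, events in sorted(decoy_hits(SAMPLE_EVENTS).items()):
        print(src, events)
```

Grouping by source address shows when one host has touched several unrelated decoys, which is a stronger signal than any single hit.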
References
The following references were used to develop the Decoy Network Resource knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Automatically generating network resource groups and assigning customized decoy policies thereto
Reference Type: Patent Organization: Illusive Networks Ltd Author: Shlomo Touboul; Hanan Levin; Stephane Roubach; Assaf Mischari; Itai Ben David; Itay Avraham; Adi Ozer; Chen Kazaz; Ofer Israeli; Olga Vingurt; Liad Gareh; Israel Grimberg; Cobby Cohen; Sharon Sultan; Matan Kubovsky
Deception-Based Responses to Security Attacks
Reference Type: Patent Organization: Crowdstrike Inc Author: Adam S. Meyers; Dmitri Alperovitch; George Robert Kurtz; David F. Diehl; Sven Krasser
Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network
Reference Type: Patent Organization: Palo Alto Networks Inc Author: Taylor Ettema; Huagang Xie
System and method for identifying the presence of malware using mini-traps set at network endpoints
MITRE Comments
Questionable or all files (as determined by the enterprise) are forwarded to the decoy network. Using a manager node user interface, you can set up fake information (e.g., the IP address of a decoy FTP server) and deploy decoy physical or virtual endpoints.
Reference Type: Patent Organization: Fidelis Cybersecurity Solutions Inc Author: Doron Kolton; Rami Mizrahi; Omer Zohar; Benny Ben-Rabi; Alex Barbalat; Shlomi Gabai
D3FEND™
A knowledge graph of cybersecurity countermeasures