Advertise with us
[November 21, 2012]
Cyber security according to Winnie the Pooh: new report by EU Agency ENISA on 'digital trap' honeypots to detect cyber-attacks creates a buzz
(Cision (English) Via Acquire Media NewsEdge) The EU ‘cyber security’ Agency ENISA is launching an in-depth study on 30 different ‘digital traps’ or honeypots that can be used by Computer Emergency Response Teams (CERT)s and National/Government CERTs to proactively detect cyber-attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use. An increasing number of complex cyber-attacks demand better early warning detection capabilities for CERTs. Honeypots are, simplified, traps with the sole task of luring in attackers by mimicking a real computing resource (e.g. a service, application, system, or data). Any entity connecting to a honeypot is deemed suspicious, and all activity is monitored to detect malicious activity.
This study is a follow-up to a recent ENISA report on Proactive Detection of Network Security Incidents (
-cyber-threats-plugging-the-gaps.-new-report-on-proactive-detection-of -cyber-security-incidents-to-make-201cdigital-fire-brigades201d-more -effective). The previous report concluded that while honeypots were recognised by CERTs as providing crucial insight into hacker behaviour, their usage to detect and investigate attacks was still not as widespread as might be expected. This implied barriers to their deployment.
This new study presents practical deployment strategies and critical issues for CERTs. In total, 30 honeypots of different categories were tested and evaluated. Goal: to offer insight into which open source solutions and honeypot technology are best for deployment and usage. Since there is no silver bullet solution, this new study has identified some shortcomings and deployment barriers for honeypots: the difficulty of usage, poor documentation, lack of software stability and developer support, little standardisation, and a requirement for highly skilled people, as well as problems in understanding basic honeypot concepts. The study also presents a classification and explores the future of honeypots.
The Executive Director of ENISA Professor Udo Helmbrecht (
-organization/executive-director/the-executive-director) commented: “Honeypots offer a powerful tool for CERTs to gather threat intelligence without any impact on the production infrastructure. Correctly deployed, honeypots offer considerable benefits for CERTs; malicious activity in a CERT’s constituency can be tracked to provide early warning of malware infections, new exploits, vulnerabilities and malware behaviour, as well as give an opportunity to learn about attacker tactics. Therefore, if the CERTs in Europe recognise honeypots better as a tasty option, they could better defend their constituencies’ assets.“ For full report (
-detection-of-security-incidents-II-honeypots/) For background: COM(2009)149 (
-lex.europa.eu/LexUriServ/LexUriServ.do uri=COM:2009:0149:FIN:EN:PDF) and NATO’s Legal Implications of Countering Botnets (
gBotnets.pdf) For interviews, please contact: Ulf Bergstrom, Spokesman, firstname.lastname@example.org or mobile: +30 6948 460 143, or Cosmin Cioabanu, ENISA Expert, at email@example.com Follow the EU cyber security affairs of ENISA on Facebook (
-information-security-agency-enisa-) YouTube (
) & RSS feeds (
) For all press inquiries please contact firstname.lastname@example.org This information was brought to you by Cision
following files are available for download:http://mb.cision.com/Main/119/9338118/68715.pdf
20121122 ENISA Honeypots FINAL DEhttp://mb.cision.com/Public/119/9338118/be70a1c7f6108b03.pdf 20121122 ENISA Honeypots FINAL FRhttp://mb.cision.com/Public/119/9338118/b94e4616cee3a905.pdf 20121122 ENISA Honeypots FINAL NL (c) 2012 Cision. All Rights Reserved.
Back To NFVZone's Homepage