Case study · Honeypot

Honeypot deployment at a manufacturing company

A manufacturing company with heterogeneous infrastructure — passive detection of internal and external attacks.

14 days from analysis to handover
2 honeypots (Linux + Windows)
SIEM real-time reporting
0 impact on production

Initial state

The client had standard perimeter protection but lacked tools to detect attacker movement inside the network. The goal was to extend security without impacting production, with support for both Linux and Windows and integration into SIEM.

The solution

  • Linux honeypot — simulating SSH, FTP, DNS, HTTP,
  • Windows honeypot — simulating RDP, LDAP, MSSQL, SMB,
  • configuration matching the real versions and behaviour of systems, placed in separate VLANs,
  • maximum credibility from an attacker's point of view.

Implementation

  • 2 honeypots as VMs (2 vCPU, 2 GB RAM, 30 GB disk),
  • installation from a pre-prepared EPOFIS IT ISO image (Ubuntu LTS),
  • integration with a central SIEM, automated incident reporting,
  • training and handover to the client's security team.

Benefits

  • early real-time attack detection (time, IP, service, method, credentials used),
  • improved security without any impact on production, minimal operational overhead,
  • full integration into existing monitoring, a complete solution within 14 days.
