Deception Layer

A honeypot is a new-generation security service that lets you detect real attacks inside your network in time. Using controlled decoy systems, we capture attackers' behaviour, their techniques and tools before they can endanger production systems.

This service is for organisations that:

• want an overview of intrusion attempts into the internal network,
• need to detect attackers who have already breached the perimeter,
• are addressing the risks of compromised credentials,
• are looking for a passive, fully managed solution with minimal overhead.

What you gain

• Fast detection of real attacks — when, from where, which service, and with which commands or credentials.
• Time and data to react — a critical head start to isolate the threat before damage occurs.
• Worry-free operation — placement design, installation, 24×7 monitoring, updates and support.

We support a broad range of services and protocols from the MS Windows and GNU/Linux families, as well as industrial protocols. The solution includes integration into central logging, SIEM and e-mail reporting.

How the cooperation works

1. We analyse your environment and security risks.
2. We design the placement of honeypots in the network and their configuration so they faithfully mimic your real systems — Linux, Windows and industrial environments.
3. We install them from a pre-prepared image, tailor the honeypots' identity to your environment and connect them to SIEM, central logging or e-mail reporting.
4. We test the detection mechanisms and hand the solution over to your security team.
5. We take over operation and 24×7 monitoring, keep the honeypots updated and respond to your queries. We are responsible for operating the honeypot system; the client is responsible for handling security incidents.

A typical deployment takes up to 14 days. You always know what's happening in your network and why.

Case study from practice