Honeypots are isolated decoy systems and services designed to look like production servers but deliberately left susceptible to attackers. When deployed and analyzed correctly, they give organizations increased awareness of attack and breach activity, generating dynamic threat research unique to the customer environment being targeted.
With LogRhythm’s new suite, customers are able to easily deploy honeypots to attract opportunistic hackers.
When an attacker begins to interact with the honeypot, LogRhythm’s Security Intelligence Platform begins tracking the attacker’s actions, analyzing the honeypot data to create profiles of behavioral patterns and attack methodologies based on the emerging threats. AI Engine performs real-time, advanced analytics on all activity captured in the honeypot, including successful logins to the system, observed successful attacks, and attempted/successful malware activity on the host. This automated and integrated approach to honeypots eliminates the need for the manual review and maintenance associated with traditional honeypot deployments.
The LogRhythm Security Intelligence Platform prioritizes intel derived from the honeypots to orchestrate responses to similar attacks on production networks. For example, LogRhythm SmartResponse plugins automatically apply observations from the suite to managed blacklists and identified malware, so the IP address of an attacker targeting the honeypot will be blocked and the programs executed can be identified if discovered on production systems.
“LogRhythm continues to innovate, and our Honeypot Security Analytics Suite is the latest example of a set of features and functionality that advances our customers’ ability to detect and respond to cyber threats faster,” said David Pack, Director of LogRhythm Labs. “It’s now extremely straightforward for a LogRhythm customer to set up a honeypot that looks and acts like the customer’s network. The LogRhythm Security Intelligence Platform analyzes what the attackers are doing, and that intel is immediately harvested to best protect the entire company.”
The suite is available to customers immediately as part of LogRhythm’s Security Intelligence Platform.