A complex network environment and frequent attacks have made the network security situation increasingly severe. Readers familiar with the security industry will know that "security" has long been a relatively passive concept: many companies defend passively, deploy passively, and build their security facilities passively. In recent years, however, a more proactive security technology, the honeypot, has been increasingly accepted by buyer-side ("Party A") companies. The advantage of honeypot technology is that it can disguise itself as a normal business system, confuse hackers, capture information about their attacks, and trace the source of the attack, making security work more proactive.
Honeypots are an "Internet celebrity" technology in the network security field, and many strong security vendors have launched related products. This article focuses on the characteristics and advantages of honeypot technology and presents the companies that currently offer commercial honeypot products. Everyone is welcome to discuss it, and it also provides a simple reference for Party A companies with related security needs.
Honeypots deploy fake resources to lure attackers into taking action, thereby discovering attacks and collecting attack information. A honeypot is bait designed to lure hackers into attacking so that evidence and information about them can be collected.
Honeypots can actively trap attackers, record the traces of the attack process in detail, and collect a large amount of valuable data, such as the source code of viruses or worms and the hacker's operations, thus providing rich data for tracing the attack. (Note: The following information comes from the official websites of each company and public information.)
Product form: SaaS
Can you apply for trial: Yes
Product page: Chuangyu Honeypot
Product price: minimum 300 yuan/month
1. Deception and disguise: can simulate a variety of the enterprise's real business systems
2. Real-time threat alarms: attacks can be blocked in time
3. The threat situation is displayed synchronously, and threats are monitored in real time on a large screen
4. Attack source tracing: the intrusion path and attack source can be analyzed
5. System status and performance monitoring
1. Lightweight, non-intrusive client. It includes only data forwarding and attack awareness functions, so the client takes up very few resources and can run on lower-spec servers without affecting existing business.
2. Honey farm cluster for advanced simulation. Cloud resources can be quickly adjusted, allowing the honeypot to be expanded at any time according to user usage pressure.
3. Full records of threat event details. After receiving the alarm message, IT and operation and maintenance personnel can log in to the Chuangyu honeypot management system to view the details of the threat event.
4. Honeypots are linked together. Even if hackers have invaded actual assets, they will be confused by the massive number of honeypots.
5. Honeypots continue to iterate. Chuangyu Honeypot works closely with Chuangyu 404 Security Laboratory, always paying attention to the security situation of the industry and continuously tracking and researching new attack methods.
6. Access to security experts. When necessary, users can contact the Chuangyu honeypot team to access Chuangyu's "Emergency Intrusion Rescue Service" with one click to assist users in implementing professional intrusion emergency measures.
Product form: hardware, software
Can you apply for trial: Yes
Product page: Listen
Product price: None
1. Full-port threat awareness
2. Abnormal traffic monitoring and redirection
3. High-simulation and high-interaction honeypot
4. Attack warning and behavior analysis
5. Attacker traceability
1. East-west traffic threat awareness capability. Unlike traditional intranet security products, which make judgments based on rule bases of known vulnerabilities, Diting monitors every step of the attacker's actions by setting up baits and deploying probes on the path the attacker must take.
2. Users can customize a variety of service-type honeypots covering the common service types in information systems. Highly customized honeypot data is supported, making the honeypot and honeynet environment more consistent with the real environment and therefore extremely well disguised and deceptive.
3. Accurately identifies attack intentions and automates complete evidence collection. When an attack is detected, an alarm is raised as soon as possible; by fully recording the attacker's intrusion behavior, it helps users analyze the attacker's intentions.
4. Based on the Docker architecture, it naturally supports cloud deployment and supports the formation of honeynets on the cloud to ensure all-round security on the cloud.
Product form: SaaS
Can you apply for trial: Yes
Product page: Magic Array
Product price: None
1. Behavior-based threat detection
2. Dynamic network isolation of attacks
3. Device fingerprint threat tracing
4. Anti-repudiation intrusion evidence collection
5. Covers various enterprise IT environments
1. Behavior-based advanced threat hunting accurately analyzes attack sources, attack paths and types of techniques without upgrading, helping enterprises to perceive and protect against 0day risks.
2. Constructs a dynamic sandbox in real time based on the attacker's behavior and asset status, and automatically deploys sandboxes, camouflage agents, vulnerabilities, baits, etc. in different network environments to form a dynamic honeynet that applies full-link deception to attackers, preventing them from detecting the real network environment.
3. It has patented machine learning device fingerprint technology, combined with a cloud database of hacker fingerprint threat intelligence, to identify and trace attackers in advance, and kernel-level attack behavior forensic technology to truthfully record the attacker's intrusion methods and behaviors.
4. Links with enterprise security protection products: all interface APIs are open, outputting hacker behaviors, hacker portraits and attack trajectories, and connecting seamlessly with other security products such as enterprise firewalls, IPS, IDS, and WAF.
Product form: SaaS
Can you apply for trial: Yes
Product page: Magic Cloud
Product price: None
1. Attack deception and transfer
2. Isolation and protection of real assets
3. Attack process capture and analysis
1. Effectively responds to new unknown network threats, advanced persistent threats (APT) and other high-level network attacks.
2. Huanyun's attack detection is based on deception, so it produces almost no false alarms, and an attack is discovered as soon as an alarm is raised. The captured attack data has a low log volume and high information content, and is clean, containing no business data.
3. Enhances collaborative defense capabilities. The attack data captured by Magic Cloud can be processed into standard local threat intelligence output, which flows to other security devices and security subsystems to enhance the overall protection capabilities of the user's original security system.
At present, the main domestic companies providing honeypot technology are the above four. The main functions of their products are roughly the same, focusing on deception, camouflage and attack source tracing.
Chuangyu's Chuangyu Honeypot is very rich in functions and can meet the needs of most companies, including data analysis and display, as well as 1v1 response from experts;
Changting's Listening is a product that has been commercialized for many years and has richer experience by comparison;
Judging from the available information, Mo'an Technology's Magic Array does not stand out much in its characteristics; it is a satisfactory honeypot product;
There is very little introductory information available for Jinxing Technology's Huanyun, so I will not comment here.
It is recommended that a company or organization with honeypot security needs try out each product separately and choose the one that best suits its business situation.