Honeypots: Trapping masters of deception

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

How do you handle cyber threats from malicious actors already in side your network? Attivo Networks CTO Tony Cole has some ideas. He joined host John Gilroy this week on Federal Tech Talk.

His company specializes in an approach technically called “engagement-based attack analysis.” You may want to call it setting a trap.

Head shot of Tony Cole
Tony Cole, CTO, Attivo Networks

The idea is to set up a replica of your network that is so convincing that a malicious actor will enter the faux system and engage with it.  When that happens, Attivo can track activities and learn methods and tactics. Once an asset is “touched” an alert goes off, and systems administrators are informed.

Over the years this approach has been called a “honeypot.”

Not exactly a new concept for the military.  Trapping moves have been around since the Battle of Cannae.

Early honeypots were time-consuming and expensive to assemble. The breakthrough from Attivo is their approach gives you speed, flexibility, and scaling. Early honeypots were painstaking to construct and required hours and hours of a technician’s time.  As a result, they were difficult to deploy and scale.


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators. Follow John on Twitter. Subscribe on Apple Podcasts or Podcast One.

Sign up for breaking news alerts