Cyber attacks are becoming increasingly targeted in nature, making it imperative for organizations to deploy security tools that enable the detection and prevention of targeted attacks. When deployed and analyzed correctly, honeypots provide organizations an increased awareness of attack and breach activity generating dynamic threat research unique to the customer environment they are targeting.
LogRhythm’s Honeypot Analytics allow customers to centrally manage and continuously monitor honeypot event activity for adaptive threat defense. When an attacker begins to interact with the honeypot, LogRhythm’s Security Intelligence Platform begins tracking the attacker’s actions, analyzing the honeypot data to create profiles of behavioral patterns and attack methodologies based on the emerging threats.
Our AI Engine performs real-time, advanced analytics on all activity captured in the honeypot, including successful logins to the system, observed successful attacks and attempted/successful malware activity on the host. This automated and integrated approach to honeypots eliminates the need for the manual review and maintenance associated with traditional honeypot deployments.
The Honeypot Security Analytics Suite delivers:
- Continuous monitoring of honeypot data
- Customized threat research for strategic defense
- Automated breach prevention and response
- Dynamic security intelligence
LogRhythm’s Honeypot Security Analytics Suite generates threat intelligence specific to the targeted environment, allowing organizations to identify their adversaries, recognize their attack patterns and take the necessary steps to prevent attacks from infiltrating the corporate network. Research from the LogRhythm Labs team is continually embedded in the suite.
Challenge: The majority of attacks exploit valid user credentials to gain unrestricted access to the corporate network. Organizations need an effective means of monitoring for insecure accounts and passwords to prevent credentials from being compromised.
Solution: LogRhythm’s Honeypot Security Analytics Suite provides AI Engine rules that monitor for successful and unsuccessful logon attempts to honeypot servers, capturing details on the username and password. This allows analysts to see commonly attempted username and password combinations on the honeypot hosts.
Benefit: By knowing which accounts are being targeted by hackers and which passwords are vulnerable to exploit in the honeypot, organizations are able to strategically increase defense measures within their network by monitoring at risk user accounts and enforcing stricter password policies. A SmartResponse™ plugin can automatically add the IP address observed in the honeypot to a firewall list to prevent interaction
with the corporate network.
Challenge: With the evolving sophistication and rapid propagation of new cyber attack campaigns, it is difficult for organizations to detect zero-day exploits using traditional security tools because they lack the signatures and behavioral profiles needed to
spot targeted malware.
Solution: LogRhythm’s Honeypot Security Analytics Suites attracts attackers to a honeypot server configured for optimal surveillance. When a honeypot host is successfully compromised, LogRhythm captures the full details about how attackers gained access along with the subsequent host interactions.
Additionally, LogRhythm AI Engine rules capture and parse out all attempted malware and exploit downloads including communication with command and control servers.
Benefit: This data allows the security team to perform detailed threat analysis, giving them new insight into upcoming malware payloads and attack methodologies employed by adversaries. LogRhythm also captures additional environment data, such as user-agent strings, which highlight the tools that attackers or bots are using to breach networks. SmartResponse™ plugin can automatically add the attackers to an internal threat list to block access to the corporate network.