It is imperative for organizations to deploy security tools that enable the detection and prevention of targeted attacks. When deployed and analyzed correctly, honeypots give organizations increased awareness of attack and breach activity, generating dynamic threat research unique to the environment the attackers are targeting.
When an attacker begins to interact with the honeypot, LogRhythm’s Security Intelligence Platform begins tracking the attacker’s actions, analyzing the honeypot data to create profiles of behavioral patterns and attack methodologies based on the emerging threats.
Our AI Engine performs real-time, advanced analytics on all activity captured in the honeypot, including successful logins to the system, observed successful attacks and attempted/successful malware activity.
LogRhythm’s Honeypot Security Analytics Suite generates threat intelligence specific to the targeted environment, allowing organizations to identify their adversaries, recognize their attack patterns and take the necessary steps to prevent attacks from infiltrating the corporate network. Research from the LogRhythm Labs team is continually embedded in the suite.
Challenge: The majority of attacks exploit valid user credentials to gain unrestricted access to the corporate network. Organizations need an effective means of monitoring for insecure accounts and passwords to prevent credentials from being compromised.
Challenge: With the evolving sophistication and rapid propagation of new cyber attack campaigns, it is difficult for organizations to detect zero-day exploits using traditional security tools, because those tools lack the signatures and behavioral profiles needed to spot targeted malware.
LogRhythm’s Honeypot Security Analytics Suite provides AI Engine rules that monitor for successful and unsuccessful logon attempts to honeypot servers, capturing details on the username and password. This allows analysts to see commonly attempted username and password combinations on the honeypot hosts.
LogRhythm’s Honeypot Security Analytics Suite attracts attackers to a honeypot server configured for optimal surveillance. When a honeypot host is successfully compromised, LogRhythm captures the full details of how attackers gained access, along with the subsequent host interactions. Additionally, LogRhythm AI Engine rules capture and parse out all attempted malware and exploit downloads, including communication with command and control servers.
By knowing which accounts are being targeted by hackers and which passwords are vulnerable to exploit in the honeypot, organizations are able to strategically increase defense measures within their network by monitoring at-risk user accounts and enforcing stricter password policies. A SmartResponse™ plugin can automatically add the IP address observed in the honeypot to a firewall list to prevent interaction with the corporate network.
This data allows the security team to perform detailed threat analysis, giving them new insight into upcoming malware payloads and attack methodologies employed by adversaries. LogRhythm also captures additional environment data, such as user-agent strings, which highlight the tools that attackers or bots are using to breach networks. A SmartResponse™ plugin can automatically add the attackers to an internal threat list to block access to the corporate network.