09/03/2024 | News release | Distributed by Public on 09/03/2024 06:19
Today, cyberattacks are no longer a matter of if, but when. Spotting malicious actors before they can do damage requires a proactive approach. One effective strategy is to use honey tokens. This article explains what honey tokens are and how Netwrix Threat Manager enables organizations to easily create and use them to gain the threat intelligence they need to shut down attacks and improve their security posture.
A honey token is a digital object that appears valuable to a hacker but is actually a carefully designed decoy that enables defenders to discover information about the attackers and their activity. Examples of honey tokens include:
For example, honey-token email addresses don't correspond to actual users - when a hacker sends a phishing message to the email account, the security team can spot the campaign and begin investigating it. Similarly, defenders can set up a honey-token file or database with a tempting name like "Financial Records"; while a hacker is eagerly sifting through the false data in it, the honey token is sending information about the activity back to the security team.
Security teams can use the data from honey tokens to build a profile on the attacker, including details like IP addresses, server locations and user agents. More broadly, honey tokens help IT teams pinpoint underlying security gaps, such as weak password policies or outdated code.
Honey tokens are essential to any modern cybersecurity strategy. However, establishing and maintaining an effective set of honey tokens can be a challenge, especially across today's diverse and dynamic IT environments. One of the keys to success is to choose a software solution that automates and streamlines the work.
Netwrix Threat Manager (formerly StealthDEFEND) is one of the most robust deception-based security systems available. It offers honey tokens in the form of credentials inserted into LSASS on a host to entice an attacker to use a tool such as mimikatz to discover, capture and attempt to use those credentials. Defenders can easily monitor this activity around the honey token credentials to spot and investigate threat actors.
Key benefits include the following:
Netwrix Threat Manager provides an intuitive GUI that makes it simple to set up, deploy and monitor honey tokens. The first step is to select a compelling username for the honey token to entice an adversary to try to use it. To reduce noise, the username should not match, either in part or in full, another user, group, or computer account in your environment.
You can easily configure the honey token credentials and customize criteria such as how long a token can be active on a host and token reuse settings. Then you can schedule deployment.
It's also simple to monitor all honey token accounts that you have set up. If an attacker attempts to query the honey token account or authenticate with the honey token credentials, the solution will generate a threat detailing the event.
You can also review a rich history of which tokens are currently active on which hosts, as well as when and where tokens were previously active.
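The naming rule and the authentication alert described above can be sketched in a few lines. This is an added example, not Netwrix Threat Manager code. The account names, the event records and the reading of a "partial match" as one name containing the other are all assumptions made for illustration.

```python
# Added example: names, events and field layout below are constructed for illustration.
AUTH_EVENT_IDS = {4624, 4625, 4768, 4771, 4776}  # Windows logon / Kerberos / NTLM events

def norm(name):
    """Lower-case, drop DOMAIN\\ or @domain, and drop the trailing $ of computer accounts."""
    name = name.strip().lower()
    name = name.split("\\")[-1].split("@")[0]
    return name.rstrip("$")

def collisions(candidate, directory_names):
    """Existing accounts that the candidate matches in full or in part (assumed: substring)."""
    cand = norm(candidate)
    hits = []
    for existing in directory_names:
        ex = norm(existing)
        if ex and (cand in ex or ex in cand):
            hits.append(existing)
    return hits

def honey_hits(events, honey_user):
    """Authentication events whose target account is the honey token."""
    target = norm(honey_user)
    return [e for e in events
            if e.get("EventID") in AUTH_EVENT_IDS
            and norm(e.get("TargetUserName", "")) == target]

# Constructed directory listing (users, a group, a computer account).
DIRECTORY = ["jsmith", "svc_backup", "Backup Operators", "SQL01$", "adm-mlopez"]

# Constructed, simplified security-log records.
EVENTS = [
    {"EventID": 4624, "TargetUserName": "jsmith", "IpAddress": "10.0.4.21"},
    {"EventID": 4771, "TargetUserName": "svc_sqlreport", "IpAddress": "10.0.4.57"},
    {"EventID": 4625, "TargetUserName": "CORP\\SVC_SQLREPORT", "IpAddress": "10.0.4.57"},
    {"EventID": 4634, "TargetUserName": "svc_sqlreport", "IpAddress": "-"},  # logoff, ignored
    {"EventID": 4768, "TargetUserName": "svc_backup", "IpAddress": "10.0.4.30"},
]

if __name__ == "__main__":
    for name in ("svc_backup2", "sql", "svc_sqlreport"):
        print(name, "->", collisions(name, DIRECTORY) or "no collision")
    for e in honey_hits(EVENTS, "svc_sqlreport"):
        print("ALERT", e["EventID"], e["TargetUserName"], "from", e["IpAddress"])
```

Because no real user ever holds the honey-token credentials, any authentication event that names the account is worth an alert. A candidate name that collides with a real account would bury that signal in ordinary logon traffic.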
Honey tokens are a powerful tool for rooting out adversaries inside your network. Netwrix Threat Manager makes the creation, management, and maintenance of honey tokens as straightforward and painless as possible. As a result, you can not only shut down threats promptly but also study the behavior and tactics of attackers so you can pinpoint and close underlying security gaps to fortify your cyber resilience.
We invite you to visit https://www.netwrix.com/threat_detection_software.html, where you can learn more, take an in-browser demo, and schedule a one-to-one consultation.
Honeypot tokens are traps disguised as useful data, such as an email address, password or sensitive record. However, instead of providing hackers with valuable information or access, these objects are equipped with trackers that can glean valuable information concerning the adversary's location, tactics and identity.
Companies use honey tokens across the IT ecosystem, including email accounts, file caches and cloud databases. They deploy honey tokens as bait to draw in hackers and then harvest their information to learn how they gained access to the company's systems and servers.
A honeypot appears to be a legitimate digital asset, which lures cybercriminals into trying to use or access it. But that action triggers a sensor or cookie that tracks the hacker's actions and records data such as their device and IP address. Using this information, defenders can shut down threats in progress, as well as identify and close underlying security gaps to block future attacks.