Intrusion Detection System

At modern enterprises of various industries, banking and other institutions, a very high level of computerization of various processes. Most of them have electronic document management systems, and all information is stored electronically. For the efficient work of employees, their personal computers are combined into a single network, through which they can quickly exchange various information, store and receive all kinds of data to perform their functional duties. Such networks are a real lure for industrial espionage, as unauthorized access to them will provide classified information that can be used for selfish purposes.

Such a concept as hanipot emerged at the end of the last century. This is a kind of network object, the main purpose of which is to wait until the attacker begins to attack it. In fact, he simply records and stores all criminal acts. Subsequently, the obtained artifact of the erroneous flow from the open trap is used for analysis. In addition, the hanipot detains the attacker, who spends his time studying it. Hanipot can be a simulation of a server, workstation, any service.

 

This attack marker has been used for a long time, but it was inconvenient to analyze the information obtained due to the lack of interaction with the real infrastructure.

 

These data protection tools have been replaced by a more sophisticated fraud technology called Deception, which has a centralized management structure for many traps. Its convenient management system allows the administrator to create traps with the necessary parameters. They immediately respond to attempts to interact and transmit the information to control systems, based on the analysis of which certain protection measures are taken manually or automatically. Such a protection system works until there is a zero-day attack – unauthorized penetration into the trap, then you need to eliminate the imperfections of the system.