Active defence through deceptive IPS
This article in our Royal Holloway Security Series explains how intrusion prevention systems (IPS) can be used with a ‘honeynet’ to gather intelligence on cyber attacks
Modern security mechanisms such as unified threat management (UTM), next-generation firewalls and security information and event management (SIEM) have become more sophisticated over recent years, promising advanced security features and immediate mitigation of the most advanced threats.
While this appears promising, in practice even this cutting-edge technology often fails to protect modern organisations as they are being targeted by attacks that were previously unknown to the security industry. Most security mechanisms are based on a database of previously known attack artefacts (signatures) and they will fail on slightly modified or new attacks.
The need for threat intelligence is in complete contrast with the way current security solutions respond to the threats they identify: they block them immediately, without attempting to acquire any further information.
In this report, we present and evaluate a security mechanism that operates as an intrusion prevention system, uses honeypots to deceive an attacker and prevent a security breach, and allows the potential acquisition of intelligence on each intrusion attempt.