Honeypots: Definition & Role in Cybersecurity Testing


Honeypots are networks or devices designed to look like legitimate systems. They look and feel just like a valid part of a computer network. But these devices are actually hacker bait.

Set up a honeypot, and you can lure hackers into a research environment. You'll watch everything an attacker does, and those insights can help you build an even stronger system for your company.

What Is a Honeypot? A Formal Definition

A honeypot is a piece of hardware or software used to detect or study attacks from hackers. It functions just like a valid piece of equipment. But it's not tied to deeper or sensitive structures within your organisation. Any information entered into the honeypot is contained, and all the data is gathered for research and security purposes.

You can't use a honeypot to block undesired traffic or activity, and no legitimate work should happen on that device. Instead, you'll use it solely to understand how an attack on your system might progress. 

Imagine you're asked to defend Utah's state computer systems, which endure as many as 300 million hacking attempts per day. The more you know about the people trying to steal data, the better you can do your job.

You could, in theory, wait for a hacker to tap into a legitimate part of your system. You could watch that person carefully, and you could hope that you'll contain the damage before it goes too far. When the attack is over, you can patch the holes that allowed the breach. 

Or, you could use a honeypot to set up an experiment and watch a hacker with virtually no risk.

The very first honeypot study happened in 1991. A hacker gained access to a server, and the administrators watched him carefully for more than a month. Since then, computer experts all around the world have become intrigued with the idea. 

The average hacker spends more than 200 days inside a system before discovery. Even with sophisticated tools and processes, you're likely missing signatures of an attack as they unfold. Set up a honeypot, and you'll learn about threats in real time. That could help you keep the next hacker out altogether.

5 Uses for Honeypots

Common honeypot types include:

  • Database decoys. Some attacks pass through your firewalls because they arrive as SQL injection. A honeypot is built to capture these attacks, which allows the real resource to stay functional.
  • Malware. Traps imitate software apps in the hope of attracting malware attacks that can be studied and replicated.
  • Spider. Web pages built for website crawlers are used to study malicious activity.
  • Production. Traps seem like part of a valid network, and they're placed as decoys to protect a company's real resources. A hacker trapped inside a honeypot spends so much time there that the administrators can upgrade defences on the real asset. 
  • Research. Data is tagged with identifiers, and when hackers steal that information, it's tracked to connect participants. 

Some of these honeypots use just a tiny amount of resources, and they collect only basic information. These low-interaction honeypots are easy to set up and quick to deploy. 

A high-interaction honeypot is more elaborate, and teams hope to ensnare hackers for longer periods for deta