Deploying HoneyDrop on an internal network provides a valuable cybersecurity advantage by diverting potential attackers away from actual network resources and offering insights into their techniques and the nature of the threats they pose. This allows organizations to gain a deeper understanding of potential risks and enhance their overall network visibility. This appliance also serves to slow down attackers, providing early warning of potential attacks, and identifying active compromises on the internal network.
Our appliance exposes fake services often targeted by cyber criminals. Its purpose is to lure attackers to itself which then generates logs and alarms - indicating that a malicious threat actor may be on the network. When a HoneyDrop service is interacted with, the activity gets logged to AWS CloudWatch. This activity then generates alerts to be sent to email or SMS. Alternatively, CloudWatch alarms can trigger Lambda functions to invoke incident response actions on your behalf.