We’ve said it more than once on this blog: when it comes to cybersecurity, it’s not enough to simply act reactively: acting preventively is also vital, because the best way to defend against an attack is to get ahead of it, preempt it, and stop it from happening.
For this reason, in their eagerness to stay ahead, an increasing number of companies allocate part of their corporate cybersecurity resources to studying new trends, analyzing the latest cybercrime strategies, and, ultimately, to being able to protect their company’s IT security in a much more efficient way, avoiding problems before they even appear.
This is where we start to see two concepts that are very common in the sector: honeypots and sandboxing, two IT risk prevention strategies that, while they may seem similar, in fact differ in several ways.
What is a honeypot?
A honeypot is a cybersecurity strategy aimed, among other things, at deceiving potential cybercriminals. Whether it’s via software or human actions, honeypots are when a company pretends to have a few “ways in” to their systems that haven’t been adequately protected.
The tactic is as follows: In the first step, a company decides to activate a series of servers or systems that seem to be sensitive. Ostensibly, this company has left a few loose ends untied and seems to be vulnerable. Once the trap is set, the aim is to attract attackers, who will respond to this call, and attempt to get in. However, what the cybercriminal doesn’t know is that, far from having found a vulnerable door, they are being regulated and monitored the whole time by the company in question.
This gives companies a triple benefit: firstly, they can stop genuinely dangerous attacks; secondly, they can keep attackers busy, wearing them out and making them waste time; and finally, they can analyze their movements and use this information to detect possible new attack strategies that are being used in the sector.
Honeypots are similar to so called cyber counterintelligence, which also uses a strategy of placing cybersecurity bait that, because of its vulnerable appearance, lures attackers in and tricks them, thwarting their attempts, while at the same time spying on them, analyzing and monitoring their movements.
In fact, there are ways to make the tactic even more sophisticated: if the honeypot isn’t developed on unused networks, but rather on real applications and systems, this is when we start to talk about a honeynet, that will be able to further mislead the cybercriminal and make them believe without a shadow of a doubt that they are attacking the very heart of the company’s IT security.
Ultimately, honeypots are a strategy that can be very useful, especially for large companies, since these companies usually store a large amount of confidential information and, as a result of the volume of activity, are extremely tempting targets for potential attackers.
What is a sandbox?
Sandboxes, on the other hand, have several elements that set them apart from honeypots. This is a much less risky tactic, and is carried out when a company suspects that some of their programs or applications may contain malware.
In this case, the company totally isolates the process. Not only will it be carried out on another server and the possible ways in closed, but it will also be run on just one computer, making sure that at no time does this computer establish any kind of connection with other devices in the company.
So, while the goal of the honeypot is to attract attackers in order to avoid their attacks, making them waste their time, sandboxing is focused on evaluating possible infections that could already have affected the system, and running them in isolation so that they don’t affect the rest of the company.
Sandboxing is therefore a perfect strategy for companies that work with material downloaded from the Internet that could potentially compromise IT security. It is also very useful for when an employee, because of a lack of cybersecurity training and awareness, downloads an attachment that could be a threat to the company’s IT systems.
The fact is that there is one thing that needs to be made clear in companies: independently of their size, right now, all of them are susceptible to being attacked and falling victim to cybercrime. Therefore, in this context, it is vital to broaden the range of options when it comes to protecting cybersecurity using IT risk prevention.