The HoneyPoint family of products represents a significant new approach to information security. Born out of a three year initiative to break the attacker cycle, its power and flexibility come from the underlying realization that attackers have a need for confidentiality, integrity and availability too. HoneyPoint leverages these needs and turns the tables on attackers at every opportunity.
The HoneyPoint strategy is simple, yet powerfully effective. HoneyPoints are flexible pseudo-server applications that are able to emulate thousands of real services such as web, email, database systems and others. Since these pseudo-services are not real applications, there is no reason for anyone to interact with them in any way. Thus, once deployed, any activity to a HoneyPoint is, by default, suspicious. Since attackers do their work by scanning for and examining services looking for vulnerabilities, the HoneyPoints lie in wait, trapping the attacker in the act of doing the exact thing that attackers seek to do – find vulnerable services!
While HoneyPoints seek to remove the confidentiality of attackers, we wanted to go beyond that basic approach. To accomplish this, MSI invented HornetPoints and HoneyPoint Trojans. HornetPoints also emulate typical services, but when they are probed, they don’t just alert – they engage in a patent-pending technique called “defensive fuzzing” that actively tampers with the attack results. In many cases, this actually breaks attacker tools and confuses all but the most focused of cyber-criminals.
HoneyPoint Trojans also make assaults on attacker integrity. These common appearing documents and files look just like any other juicy bits of target data, except these files hold a special secret – a sting. HoneyPoint Trojans alert security teams when they are interacted with, allowing you to find the source of illicit behavior and even track who is doing what as the Trojan is passed through the attacker underground. Imagine the impact that HoneyPoint Trojans have when attackers are afraid to read captured documents, unable to sort out what is real and what is a trap.
HoneyPoint Security Server can even target attacker availability. Using the incredibly flexible plugin architecture, it can easily be integrated with existing defense in depth tools such as routers, switches, firewalls and SEIM products. It can alert administrators for human responses or be a part of a fully automated security solution. Many clients depend on HoneyPoints and HornetPoints to drastically reduce their risk levels and to establish a “one strike and you are out” mechanism as part of a “black hole” perimeter defense.
By combining the components of HoneyPoint in a wide scope throughout your environment you can create new capabilities for securing your data, meeting your compliance requirements and understanding your risks and threats. The HoneyPoint products are simply the easiest, most accurate, most flexible and most manageable solution to providing security for an organization.
