Honeypot — Technology Wiki

Overview

Direct Answer

A honeypot is a deliberately vulnerable or attractive decoy system deployed within a network to detect, monitor, and analyse attacker behaviour. It serves no legitimate business function but instead captures detailed intelligence on intrusion techniques, malware signatures, and adversary tactics.

How It Works

Honeypots are configured with apparent security weaknesses, exposed services, or valuable-looking data to entice unauthorised access. Once compromised, they log all attacker interactions—commands executed, files accessed, lateral movement attempts—while isolating the decoy from critical infrastructure to prevent real damage.

Why It Matters

Organisations deploy honeypots to generate high-fidelity threat intelligence without risking production systems, reduce false positives from security monitoring, and gather forensic evidence for incident response and threat analysis. They also serve as an early warning system for novel attack patterns and zero-day exploitation.

Common Applications

Enterprise security operations centres use honeypots to study advanced persistent threat (APT) campaigns. Network administrators deploy them on perimeter segments, file servers, and database systems to detect lateral movement. Industrial control environments employ specialised honeypots to monitor attacks targeting operational technology.

Key Considerations

Honeypots generate substantial log data requiring skilled analysis and risk exposure if misconfigured—a compromised decoy can become a stepping stone to real systems. Their effectiveness depends on convincing realism; inadequately maintained decoys may fail to engage sophisticated attackers or consume resources without yielding actionable intelligence.

Related in Defensive Security

Security Operations Centre

A centralised facility where security professionals monitor, detect, analyse, and respond to cybersecurity incidents.

Intrusion Detection System

A system that monitors network traffic or system activities for malicious activity or policy violations.

Next-Generation Firewall

An advanced firewall that goes beyond traditional packet filtering to include application awareness and intrusion prevention.

Endpoint Detection and Response

Security technology that monitors endpoint devices to detect, investigate, and respond to cyber threats.

Security Orchestration Automation and Response

Technology that automates security operations by orchestrating tools and processes for incident response.

Incident Response Plan

A documented set of procedures for detecting, responding to, and recovering from cybersecurity incidents.

Digital Forensics

The process of collecting, preserving, and analysing electronic evidence for investigating security incidents.

Extended Detection and Response

A unified security platform that integrates data from endpoints, networks, cloud workloads, and email to provide holistic threat detection, investigation, and automated response.

Security Orchestration, Automation and Response

A technology stack that integrates security tools and automates incident response workflows, enabling faster triage, investigation, and remediation of security alerts.

Threat Hunting

The proactive search for cyber threats within an organisation's environment that have evaded automated detection, using hypotheses, threat intelligence, and advanced analytics.

More in Cybersecurity

Zero-Day Vulnerability

Offensive Security

A software security flaw unknown to the vendor that can be exploited before a patch is available.

AI Security

Offensive Security

The discipline of protecting AI systems from adversarial attacks, data poisoning, model theft, and prompt injection while ensuring the secure deployment of AI in production environments.

Spear Phishing

Offensive Security

A targeted phishing attack directed at specific individuals or organisations using personalised deceptive content.

Cyber Kill Chain

Offensive Security

A model describing the stages of a cyberattack from reconnaissance through data exfiltration.

End-to-End Encryption

Data Protection

A communication system where only the communicating users can read the messages, with encryption at both endpoints.

Cyber Threat Intelligence

Offensive Security

Evidence-based knowledge about adversary capabilities, infrastructure, motives, and tactics that informs security decisions and enables proactive defence against cyber attacks.

Cyber Insurance

Security Governance

Insurance coverage protecting organisations against financial losses from cyberattacks, data breaches, and related incidents.

Secure Access Service Edge

Network Security

A cloud architecture that converges networking and security services including SD-WAN, firewall, and zero trust access into a unified cloud-delivered platform.