Which risks can be contained in the governmental sector with the use of the honeyBox®?
Malware has become a major problem in the governmental sector
Whether it is the industrial or office environment: the increased internal networking of data communications is leading to an increasing number of new IT security risks. Security risks such as denial of service attacks, the manipulation of data and systems or phishing can cause considerable damage in the governmental sector. But that’s just the tip of the iceberg: the attacks are becoming increasingly targeted, and are using methods and tools which conventional IT security solutions are unable to detect or prevent.
Conventional solutions do not provide sufficient protection -
patch management, virus protection, firewalls and intrusion prevention systems (IPS) are easily underestimated, and too few resources are made available for them. Furthermore, targeted hacking attempts make use of malicious code which anti-virus programs fail to detect for long periods of time. Stuxnet is a very good example of this.
It can even be the case that conventional solutions themselves cause failures and interrupt the data traffic. These can also be due to a firewall or an IPS in the direct data flow which amounts to an additional, direct risk of failure. Due to their functionality, it can also be the case that data traffic that previously worked flawlessly is suddenly impaired following an update.
and the monitoring of your LAN with IDS/IPS is insufficient.
Companies require reliable data about the security status of their network. With IDS/IPS, this cannot, on the whole, be achieved. In contrast to this, with honeypots it is, on the whole, possible to detect cases of unauthorised access.
Situation: You do not use comprehensive monitoring in your LAN. Attacks to your internal systems can, however, cause considerable damage.
Implementation: With the use of the honeypot appliances, you rapidly gain a solution which can be used in order to detect internal attacks to your LAN. This makes changes to the network structure unnecessary.
The result: through the detection and possible logging of attacks, you receive up-to-date notification on whether hackers are active in your network. If required, you can introduce steps so as to contain and analyse the attack.
Attributes which a security solution should fulfil in the governmental environment
Since governmental authorities have to be well networked and E-government applications should have a high degree of availability, it is necessary that the solution neither impairs the availability nor further increases the complexity. A passive solution which is easy to install and can be used without in-depth knowledge of IT security is therefore required. It should also be a no-false-positive solution which is low cost.
The honeyBox® honeypot appliance ticks these boxes.
With the honeyBox®, an all-in-one solution that is based on honeypot technology, the reliable detection of cyber attacks in internal networks is possible. The product that has been awarded the Bavarian Prize for IT Security (Bayerischer Sicherheitspreis), is also able to detect previously unknown attacks. Furthermore, the honeyBox® can be used in both large-scale data processing centres and in providers of public infrastructure services throughout Europe. It operates according to a simple principle in which a large amount of bait is laid out in several network segments. Low operating costs and a high quality system of notification also enable non-professionals to use the system with ease.
