SecuriOT honeypot

The Technology

Executive summary - The Honeypot concept in a nutshell 

A honeypot system is a passive monitoring system designed with “early warning” capabilities, especially for production environments and critical infrastructure. The honeypot system appears to be a legitimate part of a customer's core infrastructure. The core functionality of the solution is to raise alerts and warnings if the infrastructure has been breached by hackers or malware-related activity.
To describe the key concept, we can compare the honeypot to a digital version of the caged canaries used in the mining industry in the 1900s.
Mine workers carried caged canaries (birds) into the mining tunnels. If dangerous gases such as carbon monoxide appeared in the mine, the gases would kill the canary before killing the miners, thus providing a warning that something was out of the ordinary and that action was required to minimize the loss. This meant that the miners had time to take the proper actions and save the day before disaster struck.
The “digital” canaries are a honeypot solution deployed on the core network of the production site or plant. It will warn your security team at an early stage of an attack. The hacker is fooled into believing that they are interacting with a real ICS unit, e.g. a programmable logic controller (PLC), an Ethernet-to-serial converter or a human-machine interface (HMI), while each interaction with the honeypot raises an alert to the company's cybersecurity team.
The core benefit of a honeypot solution is the “early warning” of such an attack. Knowing that someone or something is actively exploiting and hacking your business-critical systems right now can reduce the overall impact, damage and potential loss from the incident. Another great benefit is that the attacker wastes precious time attacking a believable honeypot rather than the real infrastructure, and your security team gets more time to respond and stop the attack.
Honeypot deployments differ from all other OT security equipment, since there is no valid reason for any communication to or from this device: its only purpose is to alert. This approach ensures that your company will not waste time on 'false positives' (events/alerts that consume many internal resources).

Our honeypot is a high-interaction honeypot - providing the best deception to keep the hacker busy

… while you can initiate your counter attack

The technology behind a high-interaction honeypot:

Our unique service lets the honeypot:
  • Fool Nmap into saying “Yes, it’s Moxa, Win-XP or Siemens PLC”
  • Provide the expected reply to PLCscan
  • Run with a “webserver” enabled
  • Act as a readable and writable Modbus unit - just like a real device