Honeypots and Protective Cyber Technology

This is my last blog in the recent series I have been writing about the Protect function of the NIST Cybersecurity Framework. So far in this series I have covered Access Control; Awareness and Training; Data Security; and Information Protection Processes and Procedures. This concluding blog focuses on Protective Technology.

There are a number of different types of protective technology software, but the key one is obviously the firewall, which can take different forms. Most organisations have hardware firewalls, but most modern computers also have a software firewall. This works in a similar (although less sophisticated) way to a hardware firewall: only the network traffic that you have chosen to allow in is permitted to come through the “door”.

A computer without a firewall is a bit like having all the doors and windows in the building open and unguarded, offering unfettered access. Anyone can climb in through the windows and rummage around. A firewall locks down all doors and windows, and puts a bouncer on the front door.

Malware protection, or antivirus software as it is known to the general public, provides protection from malware: software that is written to do something the user is not expecting. Antivirus software is not infallible, though, and it too must be kept updated. It usually relies on a virus definition file to recognise malware, and this file is downloaded from a corporate server or from the antivirus manufacturer’s servers. Without the latest virus definition file the software won’t be able to recognise newer malware, so it is vital that it is kept up to date.

The last type of protective software that I’ll cover in this article is intrusion detection software. This can take various forms, but all of them have the same function: allowing enterprises to monitor Internet and internal network traffic for activity that is unusual, that suggests the organisation is being attacked by a hacker, or that indicates a machine on the network has been infected by malware.

CYBER HONEYPOTS

A cyber honeypot is a computer system that appears to contain something of interest to a hacker, or that appears to be unprotected, thus attracting the attention of those targeting the organisation. In reality honeypots are not what they seem to be: they are sophisticated tools that allow IT teams to identify potential issues and then take appropriate action. This is similar to the police baiting a criminal, conducting undercover surveillance, and finally punishing the criminal.
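The reason a honeypot is such a useful detection tool is that a decoy system has no legitimate users, so every connection to it is worth a look. The following is an added example, not code from the original post, showing how an IT team might turn the connection log of a decoy host into alerts; the log format and the sample lines are constructed for illustration.

```python
"""Triage the connection log of a decoy ("honeypot") host.

The decoy has no legitimate users, so every connection is suspicious;
this script groups touches by source and grades how deliberate they look.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class DecoyAlert:
    source: str
    first_seen: str
    touches: int = 0
    services: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A single touch may be a stray scan; one source walking several
        # decoy services in a row looks like deliberate probing.
        if len(self.services) >= 3:
            return "high"
        if self.touches > 1:
            return "medium"
        return "low"


def parse_line(line: str) -> Tuple[str, str, str]:
    # Assumed (constructed) log format: "<timestamp> <src_ip> -> <service>"
    ts, src, arrow, service = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected decoy log line: {line!r}")
    return ts, src, service


def triage(log_lines: List[str]) -> Dict[str, DecoyAlert]:
    """Return one alert per source address seen touching the decoy."""
    alerts: Dict[str, DecoyAlert] = {}
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        ts, src, service = parse_line(line)
        alert = alerts.setdefault(src, DecoyAlert(source=src, first_seen=ts))
        alert.touches += 1
        if service not in alert.services:
            alert.services.append(service)
    return alerts


# Constructed sample log from a decoy host (not real traffic).
SAMPLE_LOG = """
2024-01-10T09:00:01 10.0.5.23 -> ssh
2024-01-10T09:00:02 10.0.5.23 -> smb
2024-01-10T09:00:04 10.0.5.23 -> rdp
2024-01-10T09:15:40 10.0.7.9 -> smb
2024-01-10T09:15:55 10.0.7.9 -> smb
2024-01-10T11:02:13 10.0.2.100 -> ssh
""".strip().splitlines()

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG).values():
        print(f"{a.severity:6} {a.source} first seen {a.first_seen}, "
              f"{a.touches} touches, services {','.join(a.services)}")
```

In practice the alerts would be forwarded to the same console the intrusion detection system reports to, so the team investigates the internal host rather than just the decoy.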

This concludes this series on the Protect function, which forms part of the NIST Cybersecurity Framework. To summarise, it is important to develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect function supports the ability to limit or contain the impact of a potential cybersecurity event.

Examples of outcome categories within this function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Darren Wray