Top honey pots & reviews of canary

Can anyone recommend the best honey pots, especially those that are effective against
APTs & ransomwares?

We are looking at https://canary.tools : any reviews on this company's honeypot?
sunhux Asked:

gheist Commented:
You never see APT coming.
0
btan Exec Consultant Commented:
You can check out TrapX CryptoTrap.
known as Deception Tokens – you can leave a trail of breadcrumbs that lead ransomware seeking network storage back to an SMB decoy, effectively luring the ransomware into a trap.  Without needing ANY third party quarantine solutions, the source machine is also taken off the network, and alerts are raised.  Only a tiny fraction of the files that would have been lost are encrypted.  However, if you choose NOT to disconnect the compromised machine, the ransomware can be kept in a cycle where it has a large number of files to encrypt, effectively keeping it from spreading to other network shares, so no more valuable data is scrambled.
https://trapx.com/product/

The safeguards are paramount: if any ransomware is inadvertently set loose, it may compromise the network and other assets. Containment controls are required to trap it while it carries out the malicious act, so that it does not venture into other areas not intended or purposely exposed. Another candidate is Attivo, which looks at the kill chain as the so-called "APT" advances from recon to exploitation to persistence.
0
sunhux Author Commented:
Thanks.

The next question my management will ask is:
how do we assess which honeypot is better?

Especially as we have been attacked several times by ransomware
& we have 30000-120000 emails with malwares (about 60-75% of these malwares are ransomwares) in them
0
sunhux Author Commented:
So can I say TrapX is more specialized than the one by canary in trapping ransomwares?
0
btan Exec Consultant Commented:
The question is not how you assess which honeynet is better, as it depends on how enticing you make the "breadcrumbs" and how "involved" you want the honeypot to be in interacting with the attacker. More crumbs do not mean the honeypot will get better results; it may backfire, as they become a hint to the threat actor. The same goes for the interactive honeypot: a single mistake or misconfiguration can fail your whole implementation. But if you need some pointers, then you can assess
a) its flexibility to become interactive or passive - how long to facilitate the continuous interaction and what user action is required
b) its extensiveness of honey tokens that can be created - how much real and dummy data is needed
c) its false positive rate to confirm penetration - how early it started
d) its safeguards to confirm no wild cross infection, to prohibit certain zones or segments - the fail-secure mechanism
e) its cleanup of the tokens deployed, its reporting and notification of events, its self-learning to baseline the environment and log piping to the SOC
f) its deployment speed and ease without disruptive changes to the environment

TrapX has a use case to trap ransomware and give what they are looking at and target "their sweet spot" like the document folder, desktop store, mapped drive, external drive, etc. Canary is specific to the token to be deployed and I am not sure if it can simulate what CryptoRansomware is looking out for... The best is that you can try out RanSim against the honeypot and see how it responds in an isolated environment...
0
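
Added example (not part of the original thread and not any vendor's code): a minimal decoy-folder check of the kind the replies above describe, which baselines decoy files and flags any that are modified, overwritten with high-entropy (encrypted-looking) content, or renamed. The file names, function names and the 7.0 bits/byte threshold are assumptions; the "attack" in `demo()` is a constructed stand-in run in a temporary directory.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 for encrypted data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def seed_decoys(root, names):
    """Write decoy documents and return a baseline {name: sha256}."""
    baseline = {}
    for name in names:
        body = (f"Quarterly figures draft for {name}\n" * 40).encode()
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
        baseline[name] = hashlib.sha256(body).hexdigest()
    return baseline

def check_decoys(root, baseline, entropy_threshold=7.0):
    """Compare the decoy folder with its baseline and return alert dicts."""
    alerts = []
    present = set(os.listdir(root))
    for name, digest in baseline.items():
        if name not in present:
            alerts.append({"file": name, "event": "missing_or_renamed"})
            continue
        with open(os.path.join(root, name), "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            event = "encrypted_like" if entropy(data) >= entropy_threshold else "modified"
            alerts.append({"file": name, "event": event})
    for name in sorted(present - set(baseline)):
        alerts.append({"file": name, "event": "unexpected_file"})
    return alerts

def demo():
    """Constructed scenario: one decoy overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as root:
        baseline = seed_decoys(root, ["budget.docx", "payroll.xlsx", "notes.txt"])
        clean = check_decoys(root, baseline)  # untouched decoys: no alerts expected
        with open(os.path.join(root, "budget.docx"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for encrypted content
        os.rename(os.path.join(root, "payroll.xlsx"), os.path.join(root, "payroll.xlsx.locked"))
        return clean, check_decoys(root, baseline)

if __name__ == "__main__":
    print(demo())
```

An empty result on an untouched folder and an alert on the first changed decoy correspond to criterion (c) above: the false positive rate and how early the trap fires.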

gheist Commented:
Maybe start with email filtering?
0