To capture prey, a hunter sets fresh bait. When the prey is tempted by the bait, it falls into the hunter's trap and is captured, a common hunting tactic. Business security defense has a similar method of defending against attacks, known in the industry as a "honeypot".
A "honeypot" is a proactive defense technology: by simulating one or more vulnerabilities or flaws, it induces attackers to launch attacks so that defenders can collect and capture attack traffic and samples, analyze the means of attack, discover network threats, and extract threat characteristics. It is an attack-and-defense game played against the attacker.
"Honeypot" has many application modes
Honeypots have a wide range of applications and are set up in different scenarios with different ways of capturing attacks.
Mailbox honeypots. Defenders intentionally publish test email accounts. Attackers use scanners to discover these accounts, and when they send phishing or virus emails to them, the mailbox honeypot flags the messages as threats and adds the sender's source IP and similar details to a blacklist to prevent subsequent attacks.
Crawler honeypot. Defenders place fake links on websites and apps that point to fake web pages which only crawlers can reach and normal users cannot see. When malicious crawlers find and crawl these pages, the crawler honeypot blocks the relevant IPs and analyzes their crawling behavior.
Network honeypot. The defender deploys one or more network vulnerabilities on the intranet or public network. When an attacker scans for and attacks the vulnerability, the honeypot captures the attacker's behavior, IP address, characteristics, etc. and isolates them.
App honeypot. Data or code that looks useful but is actually a trap is placed in the app in advance to attract attackers' attention and expose their attacks, improving the security of the app. The defender sets one or more vulnerabilities in the app to induce attackers to scan. Once the scan is detected, the defender obtains the attacker's attack information and further analyzes the attacker's tools, paths, and intentions in order to find the weaknesses in its own system and defenses and fix those gaps in a targeted way.
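The crawler honeypot described above, as detection logic run over web access logs. This is an added example, not code from AISECURIUS or the original page; the trap paths, the Combined Log Format input and the sample log lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical trap URLs, linked only from markup that human visitors never see.
TRAP_PATHS = {"/internal/price-feed-old", "/members/export-all"}

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)
# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /products HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:00:02 +0000] "GET /products?page=1 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
203.0.113.9 - - [12/Mar/2024:10:00:02 +0000] "GET /members/export-all HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.9 - - [12/Mar/2024:10:00:03 +0000] "GET /products?page=2 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
192.0.2.44 - - [12/Mar/2024:10:00:05 +0000] "GET /internal/price-feed-old?x=1 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
malformed line that the parser must skip
"""

def analyze(log_text, trap_paths=TRAP_PATHS):
    """Return {ip: profile} for every client that requested a trap path."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:  # unparseable lines are ignored rather than guessed at
            by_ip[m["ip"]].append(m)
    report = {}
    for ip, hits in by_ip.items():
        # Compare the path without its query string so ?x=1 cannot hide a hit.
        traps = [h["path"] for h in hits if h["path"].split("?", 1)[0] in trap_paths]
        if traps:
            report[ip] = {
                "trap_hits": traps,
                "total_requests": len(hits),
                "paths": sorted({h["path"] for h in hits}),
                "user_agents": sorted({h["ua"] or "" for h in hits}),
            }
    return report

def blocklist(report):
    """IPs to hand to the blocking layer (firewall, WAF), sorted for stable output."""
    return sorted(report)

if __name__ == "__main__":
    for ip, profile in analyze(SAMPLE_LOG).items():
        print(ip, profile)
```

The per-IP profile keeps every path and user agent the flagged client used, which is the "analyze their crawling behavior" half of the technique; the user agent alone would not have separated 192.0.2.44 from a normal browser.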
With the development of technology, honeypots have been integrated with new technologies, moving from a separate product or service to an integrated module of many security services. For example, AISECURIUS App hardening integrates "honeypot" technology: it can identify and detect suspicious attacks and deny the execution of malicious instructions. From the moment the attacker enters, their operations and behavior are recorded by the honeypot and become important information in the hands of the defender.
Honeypot technology makes App reinforcement both offensive and defensive
As part of AISECURIUS Defense Cloud, AISECURIUS end reinforcement supports Android, iOS, H5 and other platforms, with unique cloud policy, business security intelligence and big data modeling capabilities. It can effectively defend against memory injection, hooking, debugging, injection, multi-opening, memory dumps, emulators, secondary packaging and log leakage, and protect the App from intrusion, tampering, cracking, secondary packaging and other malicious attacks. Its unique "honeypot" function protects 16 kinds of Android data and files, provides 7 forms of encryption, and is the first to support source-code-free reinforcement of iOS.
The AISECURIUS App hardening with integrated honeypot technology provides both offensive and defensive security capabilities.
Collects intrusion information and provides security intelligence. Honeypots record information about any scans, probes and intrusion attempts, helping to identify emerging threats and intrusions, eliminate blind spots, and let defenders use the information gathered to target their defensive measures.
Confuses the attacker and thwarts the intrusion. Even when the attacker gets into the app through the exposed vulnerability, they obtain no valuable information, because what they have entered is a trap: a sandbox built by the honeypot.
Discovers potential vulnerabilities and improves security protection. When the attacker enters the honeypot trap, the defender only needs to extract the attacker's methods from the honeypot to discover more potential vulnerabilities, then find and fix the gaps to further strengthen the app.
Three main features of AISECURIUS APP reinforcement
AISECURIUS end reinforcement provides security reinforcement, risk warning and full lifecycle risk control protection for the app, meeting the requirements of personal information protection and security compliance.
All-round security of the App.
AISECURIUS end reinforcement can run security inspections on existing applications, identify their risks and vulnerabilities and carry out targeted repair and rectification, and protect sensitive data, code obfuscation, code integrity, memory data, etc., preventing system vulnerabilities from affecting the application's own security at the source and ensuring the security of app information.
Provide real-time risk warning for the App.
Based on Defense Cloud, AISECURIUS end reinforcement can provide security monitoring of the mobile application while it runs, monitoring the terminal equipment, operating environment and operating behavior in real time, and help the App establish a security system for runtime risks that covers monitoring, early warning, blocking and traceability.
AISECURIUS provides a full lifecycle prevention and control system for the App.
App security reinforcement is trending toward normalization, pan-boundary coverage and specialization, which means that an enterprise's own simple protection can no longer meet the current trends in network security protection and a more comprehensive security defense system is needed. Problems in mobile applications across dimensions such as core code security, logic security, security function design and data transmission link security are addressed to help build a solid line of defense.