Tracking malware with honeyclients

Today, I support honeypots because they are a must have early warning tool in any organization.

If you can't stop the hacker or malware it's hard to be perfect all the time the next best thing is early warning. Placing a honeypot within your enterprise network, next to other valuable assets, assures that any rogue outsiders or insiders will be discovered quickly. If the hacker or malware touches the fake asset, they are done. Low cost and low noise equals high value.

Unfortunately, in order for most honeypots to work, you have to wait for the attacker to assault the honeypot head on from a remote location. This set of circumstances ignores the fact that most malicious hacking occurs from client side attacks. Tracking malware with honeyclients | InfoWorld | Column | 2006-04-14 | By Roger A. Grimes

Linked by shanmuga Saturday, 15th April 2006 10:21PM