Royal Holloway: Cloud-native honeypot deployment
What is your organisation’s incident response strategy when you are under attack? Do you ban all the offending IPs and hope the attacker stops, or do you try to collect information about the possible attack vector? What is the cost of shutting down some or all of your services? Alternatively, you can provision carbon copies of your cloud environment and quickly deploy a fake version of it using cloud-native services. Redirecting your attackers to this honeypot network lets you understand and mitigate attacks, gather threat analytics intelligence and, most importantly, gives you time to secure your environment. Exploring open problems facing cloud infrastructure, this article describes the implementation, feasibility and benefits of cloud-native honeypots.