Why use SecuriOT HoneyPot NET?

A unique solution to provide an ”Early Warning” capability in case of an incident. Better chance to minimize the consequences
of an attack, since an incident will be discovered early. Access to expertise with a thorough understanding of OT environments.

Empowered by Defenica

Rapidly detect cyber threats/risks with SecuriOT HoneyPot NET. The faster a threat can be detected the faster you can respond to it.

SecuriOT HoneyPot Net is a service that complements the company’s vulnerability monitoring. The service provides real-time alarms and information when a critical component is under an attack. The company’s incident response activities and contingency plans can then be launched quickly in order to investigate the event and minimize any damage.

The service requires that a passive honeypot device is installed in the company’s OT infrastructure. It pretends to be one or more critical components of the company’s OT devices (such as PLC, RTU, firewall or camera). The device is silent and generates no traffic as long as it is not asked. If it receives traffic, it will respond and pretend to be for example a Siemens PLC, a Beckhoff TwinCat PLC or a camera.

SecuriOT Honeypot NET is a unique product and the only commercial device (what we know of) that can act as a real honeypot with MAC spoofing. Even shodan cannot tell the difference.

SecuriOT Honeypot NET can be delivered in two ways

SecuriOT Honeypot NET – Closed

  • The device is placed in the OT network without access to the Internet

  • Alerts and information from the device are sent to the customer’s SIEM solution

  • The customer receives alarms and handles incident response via SOC / SAC

SecuriOT Honeypot NET – Open

  • The device is placed in the OT network with access to the Internet (through the DMZ)

  • Alert and information from the device are sent to SecuriOT’s HoneyNet portal

  • The customer’s responsible receives alarms via email or SMS