When talking about cybersecurity not only do you have to act in a reactive, but also preventive way, because the best way to defend yourself against an attack is to get ahead of it, anticipate it and prevent it from occurring.
For this reason, more and more companies are dedicating part of their corporate cybersecurity resources to studying new trends, analyzing the latest cybercrime strategies, and ultimately being able to protect computer security of your company in a much more effective way, avoiding problems before they even arrive.
This is where two very common concepts arise in the sector: Honeypot and sandboxing, two concepts of prevention of computer risks that may seem similar, but that actually keep some differences.
The honeypot is a cybersecurity strategy directed, among other things, to deceive the possible cybercriminals. Whether through software or through human action, Honeypot makes a company pretend to have some ‘ entry doors ‘ to their systems that have not been sufficiently protected.
The tactics are next. Prior to this, a company decides to enable a number of servers or systems that look sensitive. Apparently, that company has left several untied ropes and seems vulnerable. Once left the trap, the intention is to attract the attacker, who will go to the call to try to enter. However, what the cybercriminal does not know is that, far from being finding a vulnerable door, it is actually being perfectly controlled and monitored by the company in question.
In this way, companies obtain a threefold benefit: firstly, to contain possible truly dangerous attacks; In second, entertain and wear the attacker wasting time; And in third, analyze their movements to detect possible new forms of attack that are taking place in the sector.
What is a sandbox?
The sandbox, on the other hand, includes several different elements in front of the honeypot. In this case it is a less risky tactic that takes place when a company is suspicious that some of its programs or applications can contain malware.
In that case, the company will completely isolate that process: it puts it on another server, closes the possible entry doors, runs it within a single computer, completely prevent that computer from establishing any type of connection with another device the company, etc.
So, while the goal of the honeypot is to lure the attacker to avoid their attack and waste time, the sandbox focuses on evaluating possible infections that may have already affected the system and execute them in isolation so that they do not affect the rest of the Company.