DecoyNet is a system based on OpenCanary, being only an installation on the Tinker Board. All other parts such as dashboard, API and background services are developed by our infrastructure expert Jurica Banić.
Before the development of DecoyNet, there was no means to track data about attacks and incidents. The device is for the user’s individual local networks, since the idea of the system is to detect the events inside the user's local network.
Collected data is used to show the ways that a network should be protected and what happens inside a local network. This means identifying if the hackers attack came through e.g. phishing, meaning education of the team is needed. Or directly to the firewall, meaning to adjust the infrastructure.
OpenCanary is an open source software and was chosen because it is the optimum quality and service for creating plans.
DecoyNet is a network of honeypots - honeynet, and collects all data from the device. If there is a strong desire by the user, the device can collect data from only one network that only that person or company owns. Users of our services can get advice, solutions are available, and they can also ask our experts for their opinion.
DecoyNet system detects vulnerability types and attack vectors. Types of attacks can be external and internal, and there are 12 services whose attacks are recorded by DecoyNet - these are databases, VOIP phones, Android devices, and the like.
At best, CSEC has that material to analyse and make suggestions on how to improve protection. Based on the vector, when it happens, from where, etc., and can have an advisory decision.
DecoyNet is a decoy for a hacker that lures him into launching an attack, but in fact the hacker will find nothing. When the user has information about a hacker’s attack, which is a campaign, an attack on the database, the user has both the means and the desire to protect the database. For example, if a certain location is seen, it can be geo-blocked to protect the system.
DecoyNet improves the security measures of a company or an individual in the long term because it is visible which campaigns are in progress, which systems and where the attacks are coming from.