Roger Grimes recently published an article in InfoWorld, “No Honeypot? Don’t Bother Calling Yourself a Security Pro,” that argues honeypots should be a pivotal part of any company’s security strategy. He notes that honeypots “can easily capture zero-day exploits, freshly minted malware, and roaming APT hackers,” which are some of the key drivers behind the Detection Gap problem. Despite that, Grimes notes that many businesses have yet to even use them.
So, what’s the holdup? I think many organizations have shied away from honeypots because of perceived difficulties in setting them up and operating them. Traditionally, honeypots have also required highly skilled security professionals to monitor them, which has scared off some potential adopters. In addition, some organizations mistakenly believe that multilayered firewall, intrusion prevention, antivirus and other defenses provide adequate protection.