What is a trap?
A trap (also known as a Honeytoken) is data that looks interesting to an attacker but in reality is not. For example, you can think of a Word document or Excel file that contains financial data or passwords.
As soon as a hacker obtains such a document and opens it, you will receive a notification. A trap can thus be used as a detection tool to detect advanced cyberattacks.
The product is comparable to a DeepBlue Honeypot. Where a honeypot appears as a legitimate device in your corporate network, a trap looks like a legitimate document.
How does a trap work?
You upload a document of your choice to our Raven platform. The platform then provides the document with an invisible trap. You then place the file in your network, for example in your documents folder or in a Microsoft Teams folder. As soon as someone opens the file, you will be notified via our Raven platform.
The operation is similar to a tracking pixel, but our traps provide more information about the attacker, for example where it comes from. Also, the original location of the trap indicates which systems the hacker may have access to. This can help you in quick incident response because you can specifically block or change accounts.
Our platform offers support for different types of traps. In addition to documents, you can also think of login data or easy-to-crack passwords for certain user accounts. As soon as an attacker tries to log in with this information, you will receive a notification.