ENISA has tested honeypots, digital systems and traps that mimic real-world scenarios and are used by security companies to analyze cyber attacks, measuring their effectiveness and practicality. It has published the results along with recommendations that would allow CERTs, governments and companies to find the solution that best fits their needs. The main goal of the testing was “to offer insight into which solutions are best from the point of view of deployment and usage by a security team”, notes ENISA in its report [PDF].
These digital traps were evaluated using the evaluation procedure developed by Christian Seifert, Ian Welch and Peter Komisarczuk back in 2006. Other major criteria on which the honeypots were evaluated include user friendliness; types of honeypots; and low-interaction and high-interaction honeypots, among others.
ENISA has noted that despite the maturity of the honeypots currently available, there is still room for improvement in the presentation of analyzed data. The need for specialized knowledge and code-level tweaking are some of the other areas that may hinder adoption of such digital trap systems.
The information security agency still recommends that CERTs, government agencies or companies that have the required resources at their disposal should go for such systems. Where the required budget is unavailable, companies should go for open source alternatives.