Logo of Acalvio, a leading company in cyber deception technology

What is a HoneyToken?

A “honeytoken” (or “honey token”) is a cybersecurity concept that involves using a piece of fake or deliberately misleading information to detect unauthorized access or monitor malicious activity.

Unlike honey pots or honey accounts, which simulate entire systems or accounts, honeytokens are typically discrete pieces of data that are placed within a system or network but are not supposed to be accessed or used by legitimate users. For example, a honeytoken could be a fake username and password, a specific file with an enticing name, a URL, or an email address that doesn’t correspond to an actual user. If any of these honeytokens are accessed or used, it’s a clear sign that unauthorized activity is occurring.

Honeytokens can be extremely valuable in identifying breaches or unauthorized access because they are rarely used by legitimate users. Therefore, any activity involving a honeytoken is highly likely to be malicious in nature. Monitoring honeytoken activity can provide insights into the methods and techniques used by attackers, as well as help organizations respond more quickly to security incidents.

Honey Token

How does Acalvio use HoneyTokens for identity security?

Acalvio provides an enterprise-scale implementation of Honey Accounts and HoneyTokens with automated life cycle management.

Acalvio Honey Accounts are deceptive accounts (representing human and service accounts) created in the Active Directory (AD) that are specifically designed to lure attackers and deflect them away from real identities.

HoneyTokens are deceptive credentials and data that are embedded in legitimate assets such as endpoints and cloud workloads. Any usage or manipulation of these deception artifacts is a very reliable indicator of an identity threat.

Acalvio recommends the count and types of Honey Accounts that can be registered on CrowdStrike. Acalvio also deploys HoneyTokens on endpoints. CrowdStrike monitors the activity on Honey Accounts and effectively blocks the identity threat based on that information.

Available on the CrowdStrike Store, the solution empowers customers to use Acalvio’s HoneyTokens and Honey Accounts seamlessly to detect identity threats.