Rapid7, Inc.
Containing compromised credentials using deception systems

Abstract:

Disclosed herein are methods, systems, and processes for containing compromised credentials using deception systems. A request to authenticate a credential is received at a honeypot and a determination is made that the request includes context information that correlates the credential with network components that are part of the network. A protected host in the network associated with the credential is identified and the credential is authenticated by validating the credential with the protected host. A determination is made that the credential is compromised and the credential is deactivated.