With all that has taken place over the past two years, managed service providers (MSP) are at a critical juncture regarding cybersecurity. As digital footprints expand, so do the risks facing every business, including MSPs and their clients. From remote and hybrid work environments to the increasing use of cloud solutions to manage business processes, there are many new threats and more opportunities for cybercriminals to infiltrate key systems.

Honeypots bait threat actors and protect legitimate client environments from a variety of malicious activities.

Amy Luby, Founder of Modern MSP

AUTHOR: Amy Luby, Founder of Modern MSP

To address these risks, MSPs must implement technologies that can thwart attacks and give them greater and more proactive cyber and mitigation capabilities. Honeypots can aid in that process. These applications serve as decoys, acting as a potential target for attackers − usually, a server or other high-value asset − then gather information and notify IT teams about any unauthorized attempts to access information or business systems. Honeypots bait threat actors and protect legitimate client environments from a variety of malicious activities.

Attackers will believe they have free access to critical business systems when, in fact, the applications isolate them from the network. Honeypots can be used as test environments to deflect and validate protection schemes, logging cybercriminals’ keystrokes and alerting MSPs about access attempts.

While traditional IDS/IPS rely on published signatures to identify attacks, these applications validate incident response capabilities and can provide a powerful deterrent to insider threats. Here are a few types of honeypots IT service professionals can implement to secure their clients’ mission-critical digital resources:


MSPs must take the reins of cybersecurity

MSPs as cyber threat protectors for the SMB

The key to MSP success is leading with cybersecurity expertise

Types of honeypots


Low-interaction honeypots

Honeypots that run in the background are a good way to protect clients against phishing attacks and detect malware. Many incidents target client-side applications, such as email and web browsers. Low-interaction honeypots intercept malicious attacks and collect information about their origins and methods. Security professionals can identify and prevent future attacks using these relatively easy-to-implement and maintain solutions.

High-interaction honeypots

These versions allow hackers to interact with the system with very few restrictions and gather as much information as possible about the attackers and their techniques. High-interaction honeypots are a valuable resource for studying threat actor behaviors and the tools and tactics they employ to target networks and business systems.

Email traps

These solutions lure and capture electronic messages and attachments from automated email address harvesters. Trap applications collect and analyze data on the spammers, redirect those messages, and identify suspect IP addresses.

Malware honeypot

As the name indicates, these solutions act as a decoy to encourage malware attacks. Managed service providers can leverage these tools to assess and recommend the proper anti-virus and anti-malware software for their clients.


Networks of honeypots can spoof real business IT environments, including multiple systems, servers, databases, routers, and a host of digital assets. Honeynets mimic the entire ecosystem, encouraging cybercriminals to engage for longer periods and allowing IT professionals to gather more data on the threat actor’s activities, tools, and techniques.

Spider honeypot

Similar to spam or email traps, these solutions trap web crawlers by creating links and web pages only accessible to those attacks. Identifying these threats allows security-minded MSPs to block malicious bots and malware.

The good and the bad

Detecting insider threats with honeypots is an inexpensive and low-risk way to test your client’s system wherewithal. These solutions allow MSPs to test internal and external security teams’ responses to suspicious activity.

While there are several benefits to using honeypots to protect your clients’ networks, they are not foolproof and can still be compromised. Sophisticated intruders using well-known open-source utilities like Nmap allow them to decrypt encrypted messages, which could compromise honeypots. And as cybercriminals become savvier, they can also use a decoy computer system to gain more insight into your client’s network and how they could obtain full access or provide you with bad intelligence, which could also lead to false positives, sending IT professionals on a wild goose chase.

In addition, because of the type of data collected, there are potential legal issues if an innocent third party with no ill intent gets snared into the trap. Those concerns include entrapment and violations of privacy and anti-hacking laws, which MSPs can avoid by minimizing the types of information they collect and including disclosures in their standard Terms and Conditions.

When it comes to keeping your clients’ data safe, prevention is the best strategy, and knowledge is power. Leveraging tools that provide insight into how cybercriminals attack allows your team to stay a step ahead and implement proper protections to ward off potential attacks.

About the author

Amy Luby is the Founder of Modern MSP. A proven entrepreneur and pioneer in the IT services industry, Amy founded and built one of the first Managed Services Providers in America. Next, she expanded that business into one of the first Master MSPs, defining both business models in the process. You can connect with her on Facebook, Twitter, and LinkedIn.