A honeyfile is a type of honeypot, specifically a file (trap file). It inherits the properties of a honeypot, in that legitimate agents such as users and processes should not access the file. When a service does access the file, it is deemed malicious, allowing it to be blocked. Honeyfiles exist for ransomware prevention. Honeyfiles are useful because they can detect slow data exfiltration, which wouldn't be detected by other methods such as by monitoring traffic spike anomalies.
Honeyfile vs Honeypot
A honey file is a subset of honeypot, that is, all honey files are honeypots.
- Honey file
- Trap file