About HoneyForge

A deception-based detection platform that identifies attackers inside the network,
before they reach critical systems.

Post-perimeter Detection

Detecting What Your Perimeter Misses

HoneyForge operates inside the network, after the perimeter has been crossed.

Most organisations have invested heavily in firewalls, endpoint controls, and identity management. What those tools can't reliably detect is what happens once an attacker is already inside; reconnaissance, lateral movement, credential testing. HoneyForge addresses that gap by deploying passive deception services inside the environment. Any interaction with those services is a high-confidence signal that something is wrong.

Internal Threat Detection

Identifies lateral movement and reconnaissance activity.

High-Confidence Alerting

Any interaction with deception services is a confirmed threat signal.

SIEM And SOC Integration

Alerts flow directly to your existing security platform.

Passive Deployment

No agents, no inline changes, no disruption to existing infrastructure.

How It Works

The HoneyForge Approach

Simple to deploy. Passive by design. High-confidence by nature.

Passive Deployment

HoneyForge connects to a network switch with no agents required on endpoints and no changes to existing network traffic. Onboarding typically completes within five to ten working days.

  • Single PoE-powered device
  • No endpoint agents
  • No inline network changes

Deception-Based Detection

Deception services are deployed passively inside the environment, simulating real systems that no legitimate user would ever interact with. Any contact is a confirmed threat signal.

  • File servers, domain services, databases
  • Network scanning and enumeration detection
  • Credential testing and lateral movement visibility

Integrated Alerting

Alerts flow directly to the customer's SIEM, Microsoft Sentinel, or SOC platform the moment a deception service is touched. HoneyForge detects — your security team responds.

  • REST API and webhook integration
  • Compatible with major SIEM platforms
  • No data sent back to BUI centrally

Get Started With A No-Cost Pilot

HoneyForge is currently available as a three-month early access pilot at no cost, exclusive to existing customers. A physical device is installed in your environment, deception services are configured, and alerts are integrated with your existing SIEM or SOC platform. At the end of the pilot, you decide whether to continue based on what you've seen, not a sales conversation.

Get Started