Techniques for bridging a honey network to a suspicious device in a network (e.g., an enterprise network) are disclosed. In some embodiments, a system for bridging a honey network to a suspicious device in an enterprise network includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an internal network communication from a suspicious device in the target network environment to the virtual clone for the target device in the honey network.