Honeypots for Active Defense - Greg Foss Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)
Honeypots for Active Defense
Greg Foss
Derbycon 2015

A Practical Guide to Deploying Honeynets within the Enterprise

InfoSec analysts are all somewhat familiar with honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has primarily been used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly: when deployed and monitored properly, honeypots and honey tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using honeypots and actively defend its network using the indicators generated from them? The answer is honeypots for active defense. There are currently many open source security tool distributions that come pre-loaded with honeypots among other useful tools; however, the honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage honeypots in ways that will not overburden the security team with massive logs to sift through, and that focus effort on correlating active threat data observed in the honeypots with the production environment. Deployed effectively, honeypots give security analysts one additional mechanism to tip them off to nefarious activity within their network.
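The correlation the abstract describes, as an added example that is not code from the talk or from LogRhythm: honeypot hits are collected as indicators but are not alerted on by themselves; an alert fires only when a honeypot-observed source address, or a planted honeytoken account, turns up in production logs. The log formats, host names, and honeytoken account names below are constructed for the example.

```python
"""Correlate honeypot-observed indicators with production auth logs.

Added example, not the speaker's or LogRhythm's code. The point it shows is
the low-noise pattern from the abstract: honeypot traffic is recorded as an
indicator set, and the analyst is paged only when one of those indicators
appears in the production environment.
"""
import re
from collections import defaultdict

# Constructed honeypot log lines (an SSH/SMB honeypot that records src IP
# and the credentials tried). Format is assumed for the example.
HONEYPOT_LOG = """\
2015-09-25T10:01:12Z honeypot01 sshd login attempt src=10.0.5.23 user=root password=toor
2015-09-25T10:01:15Z honeypot01 sshd login attempt src=10.0.5.23 user=admin password=admin
2015-09-25T10:03:40Z honeypot01 sshd login attempt src=10.0.9.80 user=oracle password=oracle
2015-09-25T10:04:02Z honeypot02 smb connect src=10.0.5.23 share=IPC$
"""

# Constructed production authentication log lines (syslog-like).
PROD_AUTH_LOG = """\
2015-09-25T10:05:01Z fileserver01 sshd Accepted password for jdoe from 10.0.7.14 port 51322
2015-09-25T10:05:44Z fileserver01 sshd Failed password for oracle from 10.0.5.23 port 40122
2015-09-25T10:06:10Z dc01 kerberos TGT request for svc_backup_ro from 10.0.7.14
2015-09-25T10:07:30Z appserver03 sshd Accepted password for deploy from 10.0.9.80 port 33210
2015-09-25T10:08:00Z dc01 kerberos TGT request for hp_sql_admin from 10.0.7.14
"""

# Honeytoken accounts: planted credentials that nothing legitimate ever uses,
# so any authentication attempt with them is an alert. Names are assumed.
HONEYTOKEN_USERS = {"hp_sql_admin", "hp_backup_svc"}

# "<ts> <honeypot host> <service> ... src=<ip> [user=<name>]"
HONEYPOT_RE = re.compile(r"^(\S+) (\S+) (\S+) .*?src=(\S+)(?: user=(\S+))?")
# "<ts> <host> <program> ... for <user> from <ip>"
PROD_RE = re.compile(r"^(\S+) (\S+) \S+ .*?for (\S+) from (\S+)")


def honeypot_indicators(log_text):
    """Map each source IP seen at a honeypot to the set of honeypots it touched.

    Nothing here raises an alert: honeypot scans are frequent and only become
    interesting once the same source shows up on a real system.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = HONEYPOT_RE.match(line)
        if m:
            _ts, hp_host, _service, src, _user = m.groups()
            seen[src].add(hp_host)
    return seen


def correlate(honeypot_log, prod_log, honeytoken_users=HONEYTOKEN_USERS):
    """Return production events that involve a honeypot source IP or a honeytoken user.

    A successful ("Accepted") production login from a honeypot source is
    rated critical; a failed attempt or a honeytoken use is rated high.
    """
    attackers = honeypot_indicators(honeypot_log)
    alerts = []
    for line in prod_log.splitlines():
        m = PROD_RE.match(line)
        if not m:
            continue
        ts, host, user, src = m.groups()
        severity = "critical" if "Accepted" in line else "high"
        if src in attackers:
            alerts.append({
                "type": "honeypot_src_in_prod", "ts": ts, "host": host,
                "user": user, "src": src, "severity": severity,
                "honeypots": sorted(attackers[src]),
            })
        if user in honeytoken_users:
            alerts.append({
                "type": "honeytoken_use", "ts": ts, "host": host,
                "user": user, "src": src, "severity": "high",
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(HONEYPOT_LOG, PROD_AUTH_LOG):
        print(alert)
```

Run stand-alone, the script prints three alerts: the source 10.0.5.23, which probed both honeypots, failing a login on fileserver01; the source 10.0.9.80 succeeding on appserver03 (critical); and a Kerberos ticket request for the honeytoken account. The remaining production lines, and all of the honeypot lines, produce nothing, which is the "no massive logs to sift through" property the abstract is after.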

Greg Foss is a Senior Security Research Engineer with the LogRhythm Labs Threat Intelligence Team, where he focuses on developing defensive strategies, tools, and methodologies to counteract advanced attack scenarios. He has nearly a decade of experience in the Information Security industry, with an extensive background in Security Operations focusing on Penetration Testing and Web Application Security. Greg currently runs the Incident Response and Red Team practices at LogRhythm and holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others.

@heinzarelli

Copyright 2020, IronGeek