Modern Honey Network at Bay Area Open Source Security Hackers
Jason Trost
Modern Honey Network talk presented at Bay Area Open Source Security Hackers on 2014-09-24.
1. Modern Honey Network (MHN)
Open Source Honeynet Management Platform
Colby DeRodeff, Chief Technology Officer
Jason Trost, @jason_trost, jason.trost [AT] threatstream [DOT] com

2. Who am I
• Jason Trost (@jason_trost)
• Director of ThreatStream Labs
• Formerly at Endgame, Booz Allen, Dept. of Defense, Sandia Nat’l Labs
• Background in Big Data Security Analytics
• Big advocate of open source and open source contributor
  – Binary Pig – framework for large-scale static analysis using Hadoop
  – Apache Accumulo – Pig integration, Python integration, Analytics
  – Apache Storm
  – Elasticsearch plugins
  – Honeynet Project
www.threatstream.com © 2014 threatstream Confidential

3. ThreatStream
• Cyber security company founded in 2013 and venture backed by Google Ventures and Paladin Capital Group.
• SaaS-based enterprise security software that provides actionable threat intelligence to large enterprises and government agencies.
• Our customers hail from the financial services, retail, energy, and technology sectors.

4. Agenda
• Background
• The Problem
• What is MHN
• MHN Architecture
• Demo
• Wrap-up

5. Background
• Honeypots can be very useful
  – Esp. if deployed behind your firewall
  – Catch internal scanning hosts
  – Early warning system
• Honeypot and network sensor data is useful, esp. at scale
  – Threat feeds
  – Reputation engine
  – Attack trends
  – Is this IP only attacking me? Or others?

6. The Problem
• Deploying/managing honeypots is difficult
• These activities are harder than they should be:
  – Installing honeypot packages
  – Managing honeypot sensors
  – Setting up data flows
  – Analyzing the collected data
• Because of this, honeypots are not used as much as they could be in production
• We hope to change that

7. What is MHN
• Modern Honey Network
• Open source platform for managing honeypots, collecting and analyzing their data
• Makes it very easy to deploy new honeypots and get data flowing
• Leverages some existing open source tools
  – hpfeeds
  – mnemosyne
  – honeymap
  – MongoDB
  – Dionaea, Conpot, Snort, Kippo
  – Glastopf, Amun, and Wordpot

8. Honeypot Management
• MHN automates management tasks:
  – Deploying new honeypots
  – Setting up data flows using hpfeeds
  – Storing and indexing the resulting data
  – Correlating with IP geo data
  – Real-time visualization
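The hpfeeds data flow of slide 8 and the question posed on slide 5 ("Is this IP only attacking me? Or others?"), as an added example that is not part of the deck or of MHN's code base: it frames and parses hpfeeds messages the way the reference client does (length-prefixed frames, PUBLISH with ident and channel, sha1 challenge-response AUTH) and then counts how many distinct sensors reported each source IP. The sensor names, secret and sample events are constructed; the JSON field names remote_host and peerIP are assumptions modelled on dionaea and kippo events.

```python
# hpfeeds framing (as in the hpfeeds reference client) plus cross-sensor aggregation.
# Added example, not MHN's own code. Frame = 4-byte big-endian total length (header
# included) + 1-byte opcode + body; PUBLISH body = len8(ident) ident len8(chan) chan payload.
import hashlib
import json
import struct
from collections import defaultdict

OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = range(5)

def _len8(field: bytes) -> bytes:
    # One-byte length prefix for ident/channel names.
    if len(field) > 255:
        raise ValueError("hpfeeds ident/channel fields are limited to 255 bytes")
    return struct.pack("!B", len(field)) + field

def frame(op: int, body: bytes) -> bytes:
    return struct.pack("!iB", 5 + len(body), op) + body

def msg_auth(ident: bytes, secret: bytes, rand: bytes) -> bytes:
    # Challenge-response: broker sends rand in INFO, sensor answers sha1(rand + secret),
    # so the shared secret itself never crosses the wire.
    return frame(OP_AUTH, _len8(ident) + hashlib.sha1(rand + secret).digest())

def msg_publish(ident: bytes, channel: bytes, payload: bytes) -> bytes:
    return frame(OP_PUBLISH, _len8(ident) + _len8(channel) + payload)

def parse_frames(buf: bytes):
    """Split a byte stream into (opcode, body) pairs; reject truncated or bogus lengths."""
    frames, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 5:
            raise ValueError("truncated hpfeeds header")
        total, op = struct.unpack("!iB", buf[pos:pos + 5])
        if total < 5 or pos + total > len(buf):
            raise ValueError("bad frame length %d" % total)
        frames.append((op, buf[pos + 5:pos + total]))
        pos += total
    return frames

def parse_publish(body: bytes):
    """Unpack a PUBLISH body into (ident, channel, payload)."""
    ilen = body[0]
    clen = body[1 + ilen]
    return (body[1:1 + ilen].decode(), body[2 + ilen:2 + ilen + clen].decode(),
            body[2 + ilen + clen:])

def attackers_seen_by(frames):
    # Source IP -> sensors that reported it: one sensor means "only attacking me",
    # several mean the same IP is hitting others too.
    seen = defaultdict(set)
    for op, body in frames:
        if op != OP_PUBLISH:
            continue
        ident, _channel, payload = parse_publish(body)
        try:
            event = json.loads(payload)
        except ValueError:
            continue  # payloads are attacker-influenced; skip anything not well-formed
        # Field names are assumptions modelled on dionaea ("remote_host") and kippo ("peerIP").
        src = event.get("remote_host") or event.get("peerIP")
        if src:
            seen[src].add(ident)
    return seen

def _event(ident: bytes, channel: bytes, **fields) -> bytes:
    return msg_publish(ident, channel, json.dumps(fields).encode())

# Constructed sample stream: three sensors, two RFC 5737 documentation IPs, one malformed payload.
SAMPLE_STREAM = (_event(b"sensor-a", b"dionaea.connections", remote_host="198.51.100.7", remote_port=445)
                 + _event(b"sensor-b", b"dionaea.connections", remote_host="198.51.100.7", remote_port=445)
                 + _event(b"sensor-c", b"kippo.sessions", peerIP="203.0.113.9", peerPort=51234)
                 + msg_publish(b"sensor-c", b"kippo.sessions", b"not json"))
```

Running attackers_seen_by(parse_frames(SAMPLE_STREAM)) reports 198.51.100.7 on two sensors and 203.0.113.9 on one, and the malformed payload is dropped rather than crashing the pipeline.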
9. Architecture
[Architecture diagram: sensors (Snort, Conpot, Dionaea, Kippo, Glastopf, Amun) sending data over hpfeeds to the MHN server (Mnemosyne, honeymap, Webapp, REST API); 3rd party apps]

10. Demo

11. Open Source (GPLv3)
github.com/threatstream/MHN

12. Questions

13. Contact
• Jason Trost
• @jason_trost
• jason.trost [AT] threatstream [DOT] com
• github.com/jt6211
Editor's Notes
Good evening, welcome to our talk on the Modern Honey Network, an open source platform for managing honeynets.
Have you tried setting up hpfeeds-based data flows? It is kind of a pain.
Also open sourced a small supporting project: https://github.com/threatstream/snort_hpfeeds