3117 - Deploying Deceptive Systems: Luring Attackers Out from the Dark
Wednesday, October 10
8:30 AM - 9:30 AM
Location: Floor 3: Mardi Gras H, G, F
A popular phrase often heard in information security today is "assume we've been compromised." That phrase implies that the attacker has bypassed the expensive next-gen firewall, defeated endpoint security, and is moving laterally throughout the network. So how do we as defenders find them? Additional logging and user behavior analytics can absolutely help, but both are expensive and complex to deploy. This talk will focus on the benefits of honeypots and honeytokens and how they can enrich an organization's threat detection capabilities. We'll focus on the different types of honeypots available, strategic deployment of these systems, and how to glean threat intelligence from them. The primary focus will be free and open-source solutions, but we will also briefly touch on commercial solutions.
- Understand the benefits of honeypots and honeytokens for enhanced threat detection and intelligence.
- Understand the various types of free, open-source honeypot solutions that are available and the functions each of them performs.
- Develop a plan for strategically deploying honeypots and honeytokens throughout any given environment.