At the BSides Augusta 2016 conference, I presented the economic challenges of defensive security and how honeypots can be used for cost effective network security monitoring.
2018 - Using Honeypots for Network Security Monitoringchrissanders88
A strong detection and response capability is required for the success of security program because prevention eventually fails and a motivated attacker can always find a way in. However, economics are not in favor of network security monitoring (NSM). Due to the hardware, software, and labor required it's expensive to deploy an NSM capability and hire qualified analysts to maintain and investigate the high volume of alerts, especially at scale.
In this presentation I'll discuss how honeypots are re-emerging as a practical solution for driving down the cost of network security monitoring. These aren't your traditional honeypots meant to sit outside the firewall to research automated malware. These are focused, use case specific honeypots that are designed to provide detection with a favorable signal to noise ratio. By integrating honeypots into your NSM strategy and taking a targeted approach, a grid of honeypots can realistically become your most cost effective detection tool. I'll make the case for honeypots like these and discuss implementation strategies that I've seen work. You should come away from this presentation with a unique perspective on honeypots and an actionable plan you can use to start evaluating and deploying tactical honeypots in your network.
Honeypots are information system resources whose value lie in illicit use of them.In simple words, they are a trap to track the ways in which a hacker can can attack a valuable resource to extract information from it.
2018 - Using Honeypots for Network Security Monitoringchrissanders88
A strong detection and response capability is required for the success of security program because prevention eventually fails and a motivated attacker can always find a way in. However, economics are not in favor of network security monitoring (NSM). Due to the hardware, software, and labor required it's expensive to deploy an NSM capability and hire qualified analysts to maintain and investigate the high volume of alerts, especially at scale.
In this presentation I'll discuss how honeypots are re-emerging as a practical solution for driving down the cost of network security monitoring. These aren't your traditional honeypots meant to sit outside the firewall to research automated malware. These are focused, use case specific honeypots that are designed to provide detection with a favorable signal to noise ratio. By integrating honeypots into your NSM strategy and taking a targeted approach, a grid of honeypots can realistically become your most cost effective detection tool. I'll make the case for honeypots like these and discuss implementation strategies that I've seen work. You should come away from this presentation with a unique perspective on honeypots and an actionable plan you can use to start evaluating and deploying tactical honeypots in your network.
Honeypots are information system resources whose value lie in illicit use of them.In simple words, they are a trap to track the ways in which a hacker can can attack a valuable resource to extract information from it.
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?
The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.
Art into Science 2017 - Investigation Theory: A Cognitive Approachchrissanders88
This presentation was delivered at Art into Science 2017 in Austin, TX. I discuss the ongoing cognitive crisis in information security, and present original research methods and results related to the investigation process.
A Honey Pot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client.
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
It deals with and explores the fascinating world of Honey pots.
It describes a security tool and concept known as a Honey pot and Honeynet.
Honey Pots and Honeynets are digital network bait, and through deception, they are designed to actually attract intruders.
www.presentationslive.blogspot.com
Using Canary Honeypots for Network Security Monitoringchrissanders88
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?
The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.
Art into Science 2017 - Investigation Theory: A Cognitive Approachchrissanders88
This presentation was delivered at Art into Science 2017 in Austin, TX. I discuss the ongoing cognitive crisis in information security, and present original research methods and results related to the investigation process.
A Honey Pot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client.
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
It deals with and explores the fascinating world of Honey pots.
It describes a security tool and concept known as a Honey pot and Honeynet.
Honey Pots and Honeynets are digital network bait, and through deception, they are designed to actually attract intruders.
www.presentationslive.blogspot.com
Using Canary Honeypots for Network Security Monitoringchrissanders88
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Applied Detection and Analysis Using Flow Data - MIRCon 2014chrissanders88
In this presentation, Chris Sanders and Jason Smith discuss the importance of using flow data for network security analysis. Flow data is discussed from the viewpoints of collection, detection, and analysis. We also discuss the FlowPlotter tool, and the use of FlowBAT, a graphical flow analysis GUI we've created.
In this presentation I discuss the need for better understanding of the human investigation process. I demonstrate the tool agnostic investigation simulator I developed to observe and collet investigation data, and discuss results from some of these experiments.
Minding the Metacognitive Gap - BSides NOLAchrissanders88
As security investigators, even those of us with a great deal of experience aren’t very good at identifying how we perform our jobs successful. Our inability to understand our own thought processes can be defined as a lack of metacognitive awareness, and it negatively impacts our ability to perform investigations efficiently, and to train new apprentice investigators. In this presentation, I’ll discuss the metacognitive gap as it relates to security investigators. This will include a discussion of dual process theory and the role of intuitive and reflective thinking, as well as modern research techniques such as eye gaze tracking that can help us become better as investigators and build better tools to support our endeavors.
Applied Detection and Analysis with Flow Data - SO Con 2014chrissanders88
In this presentation, we discuss the benefit of using flow data for detection and analysis. We also discuss the SiLK flow analysis suite and the FlowPlotter tool that can be used for generating ad-hoc visualizations from flow data, as well as the upcoming FlowBAT tool that is used to ease analysis of this very useful data type.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budgetchrissanders88
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Jason Trost
Honeypots are really useful for collecting security data for research, especially around botnets, scanning hosts, password brute forcers, and other misbehaving systems. They are also the cheapest way collect this data at scale. Deploying many types of honeypots across geo-diverse locations of the Internet improves the aggregate data quality and provides a holistic view. This provides insight into both global trends of attacks and network activity as well as the behaviors of individual malicious systems. For these reasons, we started the Modern Honey Network, which is both an open source (GPLv3) project and a community of hundreds of MHN servers that manage and aggregate data from thousands of heterogeneous honeypots (Dionaea, Kippo, Amun, Conpot, Wordpot, Shockpot, and Glastopf) and network sensors (Snort, Suricata, p0f) deployed by different individuals and organizations as a distributed sensor network. The project has turned into the largest crowdsourced honeynet in the world consisting of thousands of diverse sensors deployed across 35 countries and 5 continents worldwide. Sensors are operated by all sorts of people from hobbyists, to academic researchers, to Fortune 1000 companies. In this talk we will discuss our experience in starting this project, analyzing the data, and building a crowdsourced global sensor network for tracking security threats and gathering interesting data for research. We've found that lots of people like honeypots, especially if you give them a cool realtime visualization of their data and make it easy to setup; lots of organizations will share their data with you if it is part of a community; and lots of companies will deploy honeypots as additional network sensors, especially if you make it easy to deploy/manage/integrate with their existing security tools.
"Honeypot 101"
Computing Society, Royal Holloway, University of London
March, 2015
Abstract: How many times have you come across the term “honeypot” in your lectures and textbooks, or security talks? How much do you know about them? Is “honeypot” a security tool or concept? In this presentation, I’ll walk you through the basics of honeypots, discuss its applications, and demonstrate some honeypots used by researchers.
This ppt contains all the basics of honeypots like their types, implementation technologies, position in the network etc.
In the end, it contains a screenshot of a live honeypot processing.
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...Jason Trost
2015 is turning out to be the most spectacular year of high profile compromises across almost every vertical and many companies are starting to consider new options to raise the bar for intrusion detection and incident response, including deploying honeypots.
In this workshop we will present an overview of the current state of the art of leveraging open source tools to build a novel intrusion detection system inside the enterprise. We will discuss the pros/cons and ins/outs of several major open source honeypots as well as how to manage and deploy these sensors using the Modern Honey Network, Splunk, as well as integration into other systems such as ArcSight. We will discuss real world deployments of honeypots, what worked and what didn't as well as recommendations for getting the most out of these non-convention network sensors.
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...BAINIDA
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Manager, Stelligence ในงาน THE FIRST NIDA BUSINESS ANALYTICS AND DATA SCIENCES CONTEST/CONFERENCE จัดโดย คณะสถิติประยุกต์และ DATA SCIENCES THAILAND
This paper discusses about the honeypot, which serves as advanced security tool minimizing the risks from attack on IT and networks. The methods deployed to show the working of honeypots are discussed in this paper along with advantage and disadvantages of honeypot.
This paper discusses about the honeypot, which serves as advanced security tool minimizing the risks from attack on IT and networks. The methods deployed to show the working of honeypots are discussed in this paper along with advantage and disadvantages of honeypot.
Trend Micro: This talk examines an overarching security strategy for your deployment, pulled from the real-world experiences of top companies around the world. Paired with services like AWS Lambda, this strategy can result in a unified view of your deployment and automatically respond to incidents – regardless of scale.
Security Analytics for Data Discovery - Closing the SIEM GapEric Johansen, CISSP
Although SIEM has been the cornerstone of security data analysis for years, it has struggled to meet the data triage and analysis needs required for incident response and hunting. It is too slow, difficult to use, and is often inadequately tuned or maintained to be helpful for on-demand data analysis.
In this session we’ll explore new security analytics technologies – rapid search, natural language, pattern-based correlations, and unstructured data – that can extend the on-demand data analysis of the SIEM to improve threat hunting and accelerate incident response.
Presented at AusCERT: May 25, 2016.
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...VOROR
While your organisation may have a series of cybersecurity protocols already in place, a supply chain attack requires you to prepare for data compromises that occur through the vulnerabilities in your vendor’s security protocols.
As vendors exist in a vast user network, a single compromised vendor results in multiple corporations suffering a data breach. This makes threats to the supply chain one of the most effective forms of cyberattacks because they access multiple targets from a single entry point. Website : https://voror.io
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
PaloAlto Networks is world’s Cyber Security leader. Their technologies give 65,000 enterprise customers the power to
protect billions of people worldwide.
Cortex, Demisto & Prisma are the few flagship products to prevent attacks with industry-defining enterprise security platforms. Tightly integrated innovations, cloud delivered and easy to deploy and operate.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
3. Agenda
Security Economics
Traditional Honeypots
NSM Honeypots
Honeypot Applications
“Why honeypots are a cost effective strategy for
enhancing your network security monitoring
strategy.”
4.
5. Economics of Security
“If you want to understand the world of nature,
master physics. If you want to understand the
world of man, master economics.” - Taufiq
Rashid
High
Demand for
Security
Expertise
Low Supply
of Security
Practitioners
Expertise
Services
Software
9. Seminal Work
Large Orgs and Defense
Many Academic Papers
The Honeynet Project
Honeyd Software
10. Traditional Honeypots
Designed to be
attacked
Intentionally vulnerable
Primarily used for
specific research
Originally useful for
learning about
attackers
Useful for tracking
scanning and
proliferation of worms
12. Hold Your Horses!
1. Honeypots take a
lot of time to
maintain.
2. Honeypots
introduce
tremendous risk.
3. Attackers can use
honeypots as a
foothold.
4. Honeypots are
only for the most
mature
13.
14. NSM Honeypots
Premise:
Nobody should ever talk
to a honeypot
Attributes:
1. Placed inside the
network
2. Mimic existing systems
3. Low interaction
4. Extensive logging and
alerting
5. Goal oriented
21. Protect the Systems
Mimic Reality
Capture
Interaction
Generate an
Alert
Protect: Windows Systems using RDP
1. Deploy an RDP Honeypot [Tom’s,
OpenCanary]
2. Capture any connection attempt
3. Generate an alert to your SIEM/SOC
22. Protect the Data
Mimic Reality
Capture
Interaction
Generate an
Alert
Protect: HR data in spreadsheets
1. Deploy a HoneyDoc
2. Embed web bug that phones home
3. Configure OS file access monitoring
4. Generate an alerts when doc phones home,
or when file is accessed.
23. Protect the Users
Mimic Reality
Capture
Interaction
Generate an
Alert
Protect: Service account credentials
1. Create limited access honeyusers [DCEPT]
2. Detect cleartext credentials in memory
3. Generate an alert to your SIEM/SOC
24.
25.
26. The Challenge
Analysts…
...start looking for implementation opportunities.
Managers…
...ensure this technique is part of your analysts
toolbelt.
Vendors…
...develop affordable honeypot-based solutions.
Open Source Contributors…
...drive innovation in this space.
Security is only affordable for:
Military/Gov
Financial
Post-Breach Orgs
Economics of security are heavily tilted towards the attacker. As long as this remains, we continue to lose and lose ground.
This is why most new tech fails. We’ve had electric cars forever, they are just too expensive to operate, maintain, and charge.
We can go to space, but not affordably, yet.
TIME CHECK – 15 MINUTES
TIME CHECK – 20 MINUTES
If you get an alert from a honeypot, it’s worth investigating.
If someone hits your sign, the honeypot, they might hit your bridge, the sensitive system.
A great NSM strategy is like a great cheeseburger.