Modern Honey Network at Bay Area Open Source Security Hackers
Jason Trost
Modern Honey Network talk presented at Bay Area Open Source Security Hackers on 2014-09-24.
1.
Modern Honey Network (MHN)
Open Source Honeynet Management Platform
Colby DeRodeff, Chief Technology Officer
Jason Trost, @jason_trost, jason.trost [AT] threatstream [DOT] com
2.
Who am I
• Jason Trost (@jason_trost)
• Director of ThreatStream Labs
• Formerly at Endgame, Booz Allen, Dept. of Defense, Sandia Nat’l Labs
• Background in Big Data Security Analytics
• Big advocate of open source and open source contributor
  – Binary Pig – framework for large-scale static analysis using Hadoop
  – Apache Accumulo – Pig integration, Python integration, Analytics
  – Apache Storm
  – Elasticsearch plugins
  – Honeynet Project
www.threatstream.com © 2014 threatstream Confidential
3.
ThreatStream
• Cyber Security company founded in 2013 and venture backed by Google Ventures and Paladin Capital Group.
• SaaS based enterprise security software that provides actionable threat intelligence to large enterprises and government agencies.
• Our customers hail from the financial services, retail, energy, and technology sectors.
4.
Agenda
• Background
• The Problem
• What is MHN
• MHN Architecture
• Demo
• Wrap-up
5.
Background
• Honeypots can be very useful
  – Esp. if deployed behind your firewall
  – Catch internal scanning hosts
  – Early warning system
• Honeypot and network sensor data is useful, esp. at scale
  – Threat feeds
  – Reputation engine
  – Attack trends
  – Is this IP only attacking me? Or others?
6.
The Problem
• Deploying/Managing Honeypots is difficult
• These activities are harder than they should be:
  – Installing Honeypot packages
  – Managing Honeypot sensors
  – Setting up data flows
  – Analyzing the collected data
• Because of this, honeypots are not used as much as they could be in production
• We hope to change that
7.
What is MHN
• Modern Honey Network
• Open source platform for managing honeypots, collecting and analyzing their data
• Makes it very easy to deploy new honeypots and get data flowing
• Leverages some existing open source tools
  – hpfeeds
  – mnemosyne
  – honeymap
  – MongoDB
  – Dionaea, Conpot, Snort, Kippo
  – Glastopf, Amun, and Wordpot
8.
Honeypot Management
• MHN Automates management tasks
• Deploying new honeypots
• Setting up data flows using hpfeeds
• Store and index the resulting data
• Correlate with IP Geo data
• Real-time visualization
9.
Architecture
[Architecture diagram. Labels: MHN, Mnemosyne, honeymap, Webapp, REST API, 3rd party apps, hpfeeds. Sensors: snort, conpot, dionaea, Kippo, Glastopf, Amun]
10.
Demo
11.
Open Source (GPLv3)
github.com/threatstream/MHN
12.
Questions
13.
Contact
• Jason Trost
• @jason_trost
• jason.trost [AT] threatstream [DOT] com
• github.com/jt6211
Editor's Notes
Good evening, welcome to our talk on the Modern Honey Network, an open source platform for managing honeynets.
Have you tried setting up hpfeeds-based data flows? It is kind of a pain.
Also open sourced a small supporting project: https://github.com/threatstream/snort_hpfeeds