Over the past five years it has become clear that breaches are almost inevitable for any sizable enterprise. Often companies are breached for several months before accidently finding the compromise or being notified by external parties. It is clear that more needs to be done to reduce the size and scope of compromises. Internally deployed behind-the-firewall honeypots can greatly improve the visibility of compromises, especially since most netflow and IDS sensors are not monitoring all LANs and miss most intra-LAN scanning and lateral movement activity. In this talk we present Modern Honey Network (MHN), an open source (GPLv3) platform for deploying and managing honeypots in Enterprise environments. We discuss several case studies demonstrating how it augments Netflow, IDS, and other monitoring technologies. We show that it reduces the time between compromise and detection, increases the costs to the attacker, and acts as a high signal, low noise intrusion sensor. We discuss deployment best practices and integration with existing security systems.