Augmenting Netflow with the Honeypot Data for Internal Breach Monitoring and Detection

•

6 gefällt mir•1,913 views

Over the past five years it has become clear that breaches are almost inevitable for any sizable enterprise. Often companies are breached for several months before accidently finding the compromise or being notified by external parties. It is clear that more needs to be done to reduce the size and scope of compromises. Internally deployed behind-the-firewall honeypots can greatly improve the visibility of compromises, especially since most netflow and IDS sensors are not monitoring all LANs and miss most intra-LAN scanning and lateral movement activity. In this talk we present Modern Honey Network (MHN), an open source (GPLv3) platform for deploying and managing honeypots in Enterprise environments. We discuss several case studies demonstrating how it augments Netflow, IDS, and other monitoring technologies. We show that it reduces the time between compromise and detection, increases the costs to the attacker, and acts as a high signal, low noise intrusion sensor. We discuss deployment best practices and integration with existing security systems.

Daten & Analysen

Modern
Honey
Network

Internal Breach Monitoring & Detection
with the Modern Honey Network
Jason
Trost

Director
of
ThreatStream
Labs

FloCon
2015

January
12-‐15
2015
|
Portland,
OR

Enterprise
Deployment
DMZ
Deployment

Enterprise

Network

Modern
Honey
Network
(MHN)

-‐
Free
and
Open
Source
(GPLv3)
PlaIorm
for

deploying
and
managing
Honeypots.

-‐
Makes
deploying
honeypots
easy

-‐
Includes
APIs
for
leveraging
all
data
collected

-‐
Leverages:
Python/Flask,
hpfeeds,

mnemosyne,
honeymap,
and
MongoDB

-‐
Sensors
Supported:
Dionaea,
Conpot,
Snort,

Kippo,
Glastopf,
Amun,
Wordpot,
Shockpot,
p0f

-‐
Deploy
honeypots
on
DMZ
LAN

-‐
Accessible
by
other
DMZ
hosts,
but
not
exposed
to
the

public
Internet
(reduces
noise)

-‐
Aims
to
catch
compromises
of
DMZ
hosts
if
they
start

scanning

-‐
Meant
to
augment
exisYng
detecYon
and
monitoring

technologies,
not
replace
them

-‐
Low
Noise:
Compromised
systems,
Lateral
movement

aZempts,
misconﬁgured
systems,
misbehaving
internal

hosts,
penetraYon
testers

-‐
Deploy
alongside
enterprise
workstaYons
and
servers

-‐
Conﬁgure
to
mimic
real
systems
as
much
as
possible

including
DNS
entries

-‐
Only
discoverable
by
network
probes
or
DNS
zone
transfers

(i.e.
don’t
adverYse
that
they
are
there)

-‐
Low
Noise:
Compromised
systems,
Lateral
movement

aZempts,
misconﬁgured
systems,
misbehaving
internal
hosts,

penetraYon
testers

-‐
Any
interacYon
with
honeypots
should
be
invesYgated

Ingest
Viz

Architecture

APIs

syslog
SIEM
alerts

hZps://github.com/threatstream/mhn

-‐
Sensors
report
events
in
real-‐Yme
via
hpfeeds

-‐
Events
are
enriched,
indexed,
and
stored
in
MongoDB

-‐
MHN
Web
app
enables
exploraYon
and
visualizaYon

-‐
JSON
APIs
expose
events
for
integraYon
with
other
systems

DMZ
Internet
Internal

Network

Weitere ähnliche Inhalte

Andere mochten auch

Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard? In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.

BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes

Jason Trost

2015 is turning out to be the most spectacular year of high profile compromises across almost every vertical and many companies are starting to consider new options to raise the bar for intrusion detection and incident response, including deploying honeypots. In this workshop we will present an overview of the current state of the art of leveraging open source tools to build a novel intrusion detection system inside the enterprise. We will discuss the pros/cons and ins/outs of several major open source honeypots as well as how to manage and deploy these sensors using the Modern Honey Network, Splunk, as well as integration into other systems such as ArcSight. We will discuss real world deployments of honeypots, what worked and what didn't as well as recommendations for getting the most out of these non-convention network sensors.

Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...

Jason Trost

This past year was the year of the data breach. Large and small organizations across every industry vertical were impacted by compromises that ranged from theft of PII, intellectual property, and financial information to publication of entire backend databases and email spools. The data from these breaches often wound up being exposed publicly, exchanged or sold on underground markets, or simply leveraged to breach other organizations. Many of these breaches have cascading effects due to the transitive nature of security that exists across many companies. Many companies rely on critical business partners, subsidiaries, and other organizations whose services are trusted. Also, due to password reuse customers accounts included in a 3rd party data dump could enable unauthorized access to another business's assets. In this talk we outline through case studies several ways that Threat Intelligence is being used today to improve the security and awareness of organizations by monitoring "supply chain" partners, customers, and trusted 3rd parties. Specifically we will discuss brand monitoring, mass credential compromises, signs of infection/compromise, and signs of targeting and social networking data-mining. We will outline how organizations can effectively integrate this practice into their existing security programs.

SANS CTI Summit 2016 Borderless Threat Intelligence

Jason Trost

Modern Honey Network (MHN)

Jason Trost

Anomali Detect 2016 - Borderless Threat Intelligence

Jason Trost

R-CISC Summit 2016 Borderless Threat Intelligence

Jason Trost

Anomaly Detection - New York Machine Learning

Ted Dunning

Anomaly detection in deep learning (Updated) English

Adam Gibson

Sosyal Medyada Anonim Hesaplar Nasıl Tespit Edilir? - NETSEC

BGA Cyber Security

Andere mochten auch (9)

BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes

Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...

SANS CTI Summit 2016 Borderless Threat Intelligence

Modern Honey Network (MHN)

Anomali Detect 2016 - Borderless Threat Intelligence

R-CISC Summit 2016 Borderless Threat Intelligence

Anomaly Detection - New York Machine Learning

Anomaly detection in deep learning (Updated) English

Sosyal Medyada Anonim Hesaplar Nasıl Tespit Edilir? - NETSEC

Kürzlich hochgeladen

原版定制【微信:176555708】【圣地亚哥州立大学毕业证（SDSU毕业证书）】【微信:176555708】（留信学历认证永久存档查询）采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信176555708】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信176555708】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才留信网服务项目： 1、留学生专业人才库服务（留信分析） 2、国（境）学习人员提供就业推荐信服务 3、留学人员区块链存储服务 → 【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。选择实体注册公司办理，更放心，更安全！我们的承诺：可来公司面谈，可签订合同，会陪同客户一起到教育部认证窗口递交认证材料，客户在教育部官方认证查询网站查询到认证通过结果后付款，不成功不收费！

怎样办理圣地亚哥州立大学毕业证（SDSU毕业证书）成绩单学校原版复制

vexqp

In my capstone project, I investigated the impact of COVID-19 on education. Using data analysis and statistical methods, I explored various aspects such as enrollment trends, access to resources, and socioeconomic disparities. I found a significant association between children missing classes and a lack of internet connection at home, as well as between household financial situations and children's enrollment in school. These findings highlight the importance of addressing disparities in internet access, household finances, and geographical location to ensure equal educational opportunities for all students during and beyond the pandemic.

Capstone in Interprofessional Informatic // IMPACT OF COVID 19 ON EDUCATION

LakpaYanziSherpa

Switzerland Constitution 2002.pdf.........

EfruzAsilolu

Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Models We are available 24*7 Booking Contact Details :- WhatsApp Chat :- +91-7014168258 If you're looking for India Call girls you've come to the right place. You'll find some of the most beautiful call girls in our location with. These ladies have pleasing personalities, hot figures, and a passion for physical pleasure. Call girls in India Lucknow Many men have booked them for their erotic and soul-mixing performances, which are sure to leave you with unforgettable memories. #K09 Escort Service India is available in the city for men and women of all ages. They can satisfy your sexual needs and will make your experience even more enjoyable and memorable. Whether you're looking for a blow-job, stripping, lovemaking, or other dirty acts, you'll be able to find a match for your tastes and budget. These highly trained professionals will help you have an unforgettable night. One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —7014168258 We are available 24*7 all days of the year. Call us — 7014168258 Thank you for Visiting.

Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...

nirzagarg

Building Real-Time Pipelines With FLaNK Timothy Spann, Principal Developer Advocate, Streaming - Cloudera Future of Data meetup, startup grind, AI Camp The combination of Apache Flink, Apache NiFi, and Apache Kafka for building real-time data processing pipelines is extremely powerful, as demonstrated by this case study using the FLaNK-MTA project. The project leverages these technologies to process and analyze real-time data from the New York City Metropolitan Transportation Authority (MTA). FLaNK-MTA demonstrates how to efficiently collect, transform, and analyze high-volume data streams, enabling timely insights and decision-making. Apache NiFi Apache Kafka Apache Flink Apache Iceberg LLM Generative AI Slack Postgresql

DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK

Timothy Spann

Gartner's Data Analytics Maturity Model.pptx

chadhar227

Data Analyst Tasks to do the internship.pdf

theeltifs

SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...

Elaine Werffeli

This PowerPoint presentation likely explores the journey and evolution of boAt as a brand known for its innovative approach in the consumer electronics industry. The presentation may cover several key aspects: Introduction to boAt: Overview of the company's founding, vision, and initial products. Innovation Highlights: Exploration of boAt's innovative strategies in product design, technology integration, and market positioning. Market Impact: Discussion on how boAt has disrupted the audio electronics market with its unique offerings and consumer-centric approach. Brand Building: Insights into the marketing and branding strategies employed by boAt to create a strong and recognizable brand identity. Growth Trajectory: Analysis of boAt's growth story, including milestones, challenges faced, and strategies for expansion. Future Outlook: Speculation or plans for the future of boAt, including potential areas of innovation and growth opportunities. Lessons Learned: Takeaways and lessons that can be gleaned from boAt's success story, particularly in the context of entrepreneurship and innovation.

The-boAt-Story-Navigating-the-Waves-of-Innovation.pptx

Vivek487417

Discover Why Less is More in B2B Research

michael115558

Digital advertising, or paid media, encompasses the strategic deployment of online advertisements to reach target audiences efficiently and effectively. This includes any digital platform that supports advertising to deliver unique messages for any objective. Understanding the mechanics of digital advertising platforms, along with insights into audience behaviors and preferences, allows marketers to optimize their ad spend and achieve significant engagement and conversion rates. This lecture is for Advanced Digital & Social Media Strategy (MGMTX 466.05) at UCLA Extension.

Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...

Valters Lauzums

SR-101-01012024-EN.docx Federal Constitution of the Swiss Confederation

EfruzAsilolu

Saudi Arabia [ Abortion pills) Jeddah/riaydh/dammam/+966572737505☎️] cytotec tablets uses abortion pills 💊💊 How effective is the abortion pill? 💊💊 +966572737505) "Abortion pills in Jeddah" how to get cytotec tablets in Riyadh " Abortion pills in dammam*💊💊 The abortion pill is very effective. If you’re taking mifepristone and misoprostol, it depends on how far along the pregnancy is, and how many doses of medicine you take:💊💊 +966572737505) how to buy cytotec pills At 8 weeks pregnant or less, it works about 94-98% of the time. +966572737505[ 💊💊💊 At 8-9 weeks pregnant, it works about 94-96% of the time. +966572737505) At 9-10 weeks pregnant, it works about 91-93% of the time. +966572737505)💊💊 If you take an extra dose of misoprostol, it works about 99% of the time. At 10-11 weeks pregnant, it works about 87% of the time. +966572737505) If you take an extra dose of misoprostol, it works about 98% of the time. In general, taking both mifepristone and+966572737505 misoprostol works a bit better than taking misoprostol only. +966572737505 Taking misoprostol alone works to end the+966572737505 pregnancy about 85-95% of the time — depending on how far along the+966572737505 pregnancy is and how you take the medicine. +966572737505 The abortion pill usually works, but if it doesn’t, you can take more medicine or have an in-clinic abortion. +966572737505 When can I take the abortion pill?+966572737505 In general, you can have a medication abortion up to 77 days (11 weeks)+966572737505 after the first day of your last period. If it’s been 78 days or more since the first day of your last+966572737505 period, you can have an in-clinic abortion to end your pregnancy.+966572737505 Why do people choose the abortion pill? Which kind of abortion you choose all depends on your personal+966572737505 preference and situation. With+966572737505 medication+966572737505 abortion, some people like that you don’t need to have a procedure in a doctor’s office. You can have your medication abortion on your own+966572737505 schedule, at home or in another comfortable place that you choose.+966572737505 You get to decide who you want to be with during your abortion, or you can go it alone. Because+966572737505 medication abortion is similar to a miscarriage, many people feel like it’s more “natural” and less invasive. And some+966572737505 people may not have an in-clinic abortion provider close by, so abortion pills are more available to+966572737505 them. +966572737505 Your doctor, nurse, or health center staff can help you decide which kind of abortion is best for you. +966572737505 More questions from patients: Saudi Arabia+966572737505 CYTOTEC Misoprostol Tablets. Misoprostol is a medication that can prevent stomach ulcers if you also take NSAID medications. It reduces the amount of acid in your stomach, which protects your stomach lining. The brand name of this medication is Cytotec®.+966573737505) Unwanted Kit is a combination of two medicin

Abortion pills in Jeddah | +966572737505 | Get Cytotec

Abortion pills in Riyadh +966572737505 get cytotec

原版定制【微信:153539019】《(曼大毕业证书）曼尼托巴大学毕业证》【微信:153539019】（留信学历认证永久存档查询）采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信153539019】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信153539019】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。

一比一原版(曼大毕业证书）曼尼托巴大学毕业证成绩单留信学历认证一手价格

q6pzkpark

原版定制【微信:176555708】【旧金山城市学院毕业证（CCSF毕业证书）】【微信:176555708】（留信学历认证永久存档查询）采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信176555708】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信176555708】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才留信网服务项目： 1、留学生专业人才库服务（留信分析） 2、国（境）学习人员提供就业推荐信服务 3、留学人员区块链存储服务 → 【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。选择实体注册公司办理，更放心，更安全！我们的承诺：可来公司面谈，可签订合同，会陪同客户一起到教育部认证窗口递交认证材料，客户在教育部官方认证查询网站查询到认证通过结果后付款，不成功不收费！

怎样办理旧金山城市学院毕业证（CCSF毕业证书）成绩单学校原版复制

vexqp

7. Epi of Chronic respiratory diseases.ppt

ibrahimabdi22

Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models We are available 24*7 Booking Contact Details :- WhatsApp Chat :- +91-7014168258 If you're looking for India Call girls you've come to the right place. You'll find some of the most beautiful call girls in our location with. These ladies have pleasing personalities, hot figures, and a passion for physical pleasure. Call girls in India Lucknow Many men have booked them for their erotic and soul-mixing performances, which are sure to leave you with unforgettable memories. #K09 Escort Service India is available in the city for men and women of all ages. They can satisfy your sexual needs and will make your experience even more enjoyable and memorable. Whether you're looking for a blow-job, stripping, lovemaking, or other dirty acts, you'll be able to find a match for your tastes and budget. These highly trained professionals will help you have an unforgettable night. One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —7014168258 We are available 24*7 all days of the year. Call us — 7014168258 Thank you for Visiting.

Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...

gajnagarg

Lecture_2_Deep_Learning_Overview-newone1

ranjankumarbehera14

Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now Booking Contact Details :- WhatsApp Chat :- +91-7737669865 We offer all types of girls of your choice with space. Our escorts are fully cooperative and understand your needs. All types of call girls like Housewives, College girls,#K09 Russian girls, Muslim girls, Afghani girls, Bengali girls, Working girls, south Indian girls, Punjabi girls, etc. In-Call: — You Can Reach At Our Place in Bangalore Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call: — Service for Out Call You have To Come Pick The Girl From My Place We Also Provide Door-Step Services Hygienic: — Full Ac Neat And Clean Rooms Available In Hotel 24 * 7 Hrs In Bangalore Our Services and Rates: – One Shot — 2500/in call (time ½ hour), 5000/out call Two shot with one girl — 5000/in call (time 1 hour), 6000/out call Body to body massage with sex- 3000/in call (time 1 hour) full night for one person– 8000/in call, 10000/out call (shot limit 4 shot) We are available 24*7 all days of the year

Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now

gargpaaro

Harnessing the Power of GenAI for BI and Reporting.pptx

Paras Gupta

Kürzlich hochgeladen (20)

怎样办理圣地亚哥州立大学毕业证（SDSU毕业证书）成绩单学校原版复制

Capstone in Interprofessional Informatic // IMPACT OF COVID 19 ON EDUCATION

Switzerland Constitution 2002.pdf.........

Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...

DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK

Gartner's Data Analytics Maturity Model.pptx

Data Analyst Tasks to do the internship.pdf

SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...

The-boAt-Story-Navigating-the-Waves-of-Innovation.pptx

Discover Why Less is More in B2B Research

Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...

SR-101-01012024-EN.docx Federal Constitution of the Swiss Confederation

Abortion pills in Jeddah | +966572737505 | Get Cytotec

一比一原版(曼大毕业证书）曼尼托巴大学毕业证成绩单留信学历认证一手价格

怎样办理旧金山城市学院毕业证（CCSF毕业证书）成绩单学校原版复制

7. Epi of Chronic respiratory diseases.ppt

Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...

Lecture_2_Deep_Learning_Overview-newone1

Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now

Harnessing the Power of GenAI for BI and Reporting.pptx

Augmenting Netflow with the Honeypot Data for Internal Breach Monitoring and Detection

1. Modern Honey Network Internal Breach Monitoring & Detection with the Modern Honey Network Jason Trost Director of ThreatStream Labs FloCon 2015 January 12-‐15 2015 | Portland, OR Enterprise Deployment DMZ Deployment Enterprise Network Modern Honey Network (MHN) -‐ Free and Open Source (GPLv3) PlaIorm for deploying and managing Honeypots. -‐ Makes deploying honeypots easy -‐ Includes APIs for leveraging all data collected -‐ Leverages: Python/Flask, hpfeeds, mnemosyne, honeymap, and MongoDB -‐ Sensors Supported: Dionaea, Conpot, Snort, Kippo, Glastopf, Amun, Wordpot, Shockpot, p0f -‐ Deploy honeypots on DMZ LAN -‐ Accessible by other DMZ hosts, but not exposed to the public Internet (reduces noise) -‐ Aims to catch compromises of DMZ hosts if they start scanning -‐ Meant to augment exisYng detecYon and monitoring technologies, not replace them -‐ Low Noise: Compromised systems, Lateral movement aZempts, misconfigured systems, misbehaving internal hosts, penetraYon testers -‐ Deploy alongside enterprise workstaYons and servers -‐ Configure to mimic real systems as much as possible including DNS entries -‐ Only discoverable by network probes or DNS zone transfers (i.e. don’t adverYse that they are there) -‐ Low Noise: Compromised systems, Lateral movement aZempts, misconfigured systems, misbehaving internal hosts, penetraYon testers -‐ Any interacYon with honeypots should be invesYgated Ingest Viz Architecture APIs syslog SIEM alerts hZps://github.com/threatstream/mhn -‐ Sensors report events in real-‐Yme via hpfeeds -‐ Events are enriched, indexed, and stored in MongoDB -‐ MHN Web app enables exploraYon and visualizaYon -‐ JSON APIs expose events for integraYon with other systems DMZ Internet Internal Network

Augmenting Netflow with the Honeypot Data for Internal Breach Monitoring and Detection

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (9)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Augmenting Netflow with the Honeypot Data for Internal Breach Monitoring and Detection