
Using Honeypots for Network Security Monitoring - Chris Sanders (BSides Augusta 2016) (Hacking Illustrated Series InfoSec Tutorial Videos)

Using Honeypots for Network Security Monitoring
Chris Sanders

"A strong detection and response capability is required for the success of a security program because prevention eventually fails and a motivated attacker can always find a way in. However, economics are not in favor of network security monitoring (NSM). Due to the hardware, software, and labor required it's expensive to deploy an NSM capability and hire qualified analysts to maintain and investigate the high volume of alerts, especially at scale. In this presentation I'll discuss how honeypots are emerging as a practical solution for driving down the cost of network security monitoring. These aren't your traditional honeypots meant to sit outside the firewall to research automated malware. These are focused, use case specific honeypots that are designed to provide detection with a favorable signal to noise ratio. By integrating honeypots into your NSM strategy and taking a targeted approach, a grid of honeypots can realistically become your most cost effective detection tool. I'll make the case for honeypots like these and discuss implementation strategies that I've seen work. You should come away from this presentation with a unique perspective on honeypots and an actionable plan you can use to start evaluating and deploying NSM honeypots in your network."

"Chris Sanders is an information security consultant, author, and researcher originally from Mayfield, Kentucky, now living in Gainesville, GA. Chris is the leader of a detection and investigation research team at FireEye. He has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. In multiple roles with the US Department of Defense, Chris helped to create several NSM and intelligence tools currently being used to defend the interests of the nation. Chris has authored several books and articles, including the international best seller 'Practical Packet Analysis' from No Starch Press, currently in its second edition and in seven languages, and 'Applied Network Security Monitoring' from Syngress. Chris currently holds multiple industry certifications, including the SANS GSE distinction, as well as a BS in Telecommunications and an MS in Homeland Security. He is currently pursuing a PhD in Cognitive Psychology in an attempt to enhance the field of security investigative technique through a better understanding of the human thought and learning processes. Chris is also the founder and director of the Rural Technology Fund, a non-profit that donates thousands of dollars in scholarships and equipment annually to further technical education in rural and high poverty areas. Chris blogs at http://www.chrissanders.org. You can learn more about the RTF at http://www.ruraltechfund.org."



Copyright 2020, IronGeek