Category: Modern Honey Network

Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Community Data (Part 4)

Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data. In this post I am going to give you a brief insight into the data that was reported back from...

Cyber Threat Intelligence Modern Honey Network

MHN Radar: Databases Under Siege

Anomali’s Modern Honeypot Network (MHN for short) is a worldwide network of honeypot sensors that collects data on scans, probes and intrusions of various network ports and services. By looking at data collected by MHN we can piece together a picture of the current threat landscape for a...

Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)

In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs. The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...

Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)

Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App. Hopefully you’ve been getting lots of additional value on top of the Modern Honey Network web app. I’m sure you’re now ready to...

Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)

Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...

Modern Honey Network

Building Raspberry Pi Honeypots On A Budget

It is no longer sufficient to run a singular security application and expect your network to be protected from threats. Zero-day exploits can catch your anti-malware software off guard, and anything encrypted can potentially be decrypted if an outsider wants the data badly enough. With all that is riding on...

Modern Honey Network

Five Ways to Include MHN in Your Security Strategy

Honeypots are versatile tools to add to your cyber-security arsenal. Using a sandbox environment to entice hackers is a great research tool. Not only are you preserving your legitimate network from harm, visitors leave important clues about their identity and objectives. The Modern Honey Net is growing in popularity as...

Modern Honey Network

4 Ways to Get the Most Out of the Modern Honey Network

Setting up a honeypot is a well-known strategy for having a complete cyber-security system. The honeypot is a phony, low-stakes web environment you set up as a decoy. Hackers find the resource and by exploring it for vulnerability, leave clues about their identities and motivations. In addition to incriminating themselves,...

Modern Honey Network

Turn the Tables on Cyber-Crime With The Modern Honey Network

If your network is hacked, you will have a multitude of reactions, including an urge to respond in kind. Technically hacking the hackers isn’t legal, but deceiving intruders is! Advanced persistent threats are targeted at those who have information of value to the hacker. Scrubbing away malware is...

Modern Honey Network

The Accuracy Of The Honeypot Network

Discovering evidence that someone is probing your network for weaknesses before they successfully attack makes all the difference. You will learn a lot about your enemies and what they are seeking after your network has been infected or your data has been stolen, copied, or sabotaged. But there is no...

Modern Honey Network

The Advantages Of A Modern Honeypot

Operations of every size and in every industry need consistent, reliable threat intelligence. The consequences of a virus attack or data breach are devastating. Some businesses never recover from the damage. Some studies report that as few as 6% of businesses who experience data loss are still in operation two years...

Modern Honey Network

Who Can Benefit From A Raspberry Pi Honeypot

With all the different security options being introduced, how can you tell which solutions are right for you? Understanding the different types of threat intelligence tools is important, as is objectively assessing your own needs. Individuals and enterprises alike all need a system in place to detect and respond to...

Modern Honey Network

The Importance of Forming a Modern Honeypot Network

There are many reasons why it is important for your enterprise to invest the time and resources into building and managing a honeypot using the Modern Honey Network (MHN). Hosting data on a network is a great responsibility. Stolen data cannot be returned to its owners like a stolen...

Modern Honey Network

How To Make Your Modern Honeypot An Enterprise Defense

The modern honeypot is a security tool developed using an open-source framework. Honeypots are like interactive traps which are useful to study would-be attackers. Enterprises host a no-stakes entity such as a website that attracts threats including invasive bots and attackers. Criminals are trying to access proprietary data, client leads, personnel...

Modern Honey Network

BSidesNYC2016 Recap

Last month Jason Trost and I presented some of our “https://www.slideshare.net/slideshow/embed_code/key/3SSGk4Mr11wtDG” at the inaugural BSidesNYC. BSidesNYC was held at the home of the nation’s first computer forensics’ graduate program, John Jay College. In the current...

Cyber Threat Intelligence Modern Honey Network Research Threat Intelligence Platform

Juniper ScreenOS Backdoor Password Seen Used in the Wild

Starting on December 22nd, sensors that are part of the Modern Honey Network (MHN) started detecting several systems using the recently reported Juniper ScreenOS backdoor password (<<< %s(un='%s') = %u as reported by Rapid7 here). This backdoor is identified as CVE-2015-7755...

Cyber Threat Intelligence Modern Honey Network

Leveraging Your Honeypots with the Right Tools

Can you deploy honeypots offensively? In 1999, Lance Spitzner published How To Build A Honeypot and since then we’ve seen a wide-scale proliferation of honeypot usage. Why? Because it's one of the only effective and offensive countermeasures we can take against hackers. Some may disagree that honeypots are...

Cyber Threat Intelligence Modern Honey Network Threat Intelligence Platform

Applications of MHN and Honeypots in the Enterprise

Oftentimes we are asked about various uses of Modern Honey Network (MHN) and deploying honeypots. In this post we will discuss several different use cases for how MHN and honeypot sensors can be used in the enterprise. Threat Intelligence Collection: MHN was originally designed for Threat Intelligence collection in...

Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform

Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools

A couple of weeks ago, Nicholas Albright and I from ThreatStream Labs offered a workshop at BSidesLV 2015 on Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools. This was a packed class and we ended up having more attendees than the maximum class size. This made teaching the...

Cyber Threat Intelligence Modern Honey Network SIEM

Monitoring Anonymizing Networks (TOR/I2P) for Threat Intelligence

Disclaimer: Due to the prevalence of illegal material, specifically illegal images, we highly recommend only experienced researchers who understand the risks perform research in this area. Regardless of the experience of the investigator, disabling image loading or downloading should be the first step to prevent accidental exposure to this...