Analysis and perspectives from the leading voice in threat intelligence.
Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data.In this post I am going to give you a brief insight into the data that was reported back from the MHN honeypots in January 2017.About MHN Community DataThe…
Anomali’s Modern Honeypot Network (MHN for short) is a worldwide network of honeypot sensors that collects data on scans, probes and intrusions of various network ports and services. By looking at data collected by MHN we can piece together a picture of the current threat landscape for a variety of services.Recently,…
In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs.The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and…
Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App.Hopefully you’ve been getting lots of additional value on-top of the Modern Honey Network web app. I’m sure you’re now ready to ramp things up.As with all security events — including…
Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like Threatstream.It is easy to export data…
It is no longer sufficient to run a singular security application and expect your network to be protected from threats. Zero-day exploits can catch your anti-malware software off guard, and anything encrypted can potentially be decrypted if an outsider wants the data badly enough. With all that is riding on the sanctity of your…
Honeypots are versatile tools to add to your cyber-security arsenal. Using a sandbox environment to entice hackers is a great research tool. Not only are you preserving your legitimate network from harm, visitors leave important clues about their identity and objectives.The Modern Honey Net is growing in popularity as an…
Setting up a honeypot is a well-known strategy for having a complete cyber-security system. The honeypot is a phony, low-stakes web environment you set up as a decoy. Hackers find the resource and by exploring it for vulnerability, leave clues about their identities and motivations. In addition to incriminating themselves, the…
If your network is hacked, you will have a multitude of reactions, including an urge to respond in kind. Technically hacking the hackers isn’t legal, but deceiving intruders is! Advanced persistent threats are targeted at those who have information of value to the hacker. Scrubbing away malware is a simple process one can…
Discovering evidence that someone is probing your network for weaknesses before they successfully attack makes all the difference. You will learn a lot about your enemies and what they are seeking after your network has been infected or your data has been stolen, copied, or sabotaged. But there is no reason to go through that when…
Get the latest Anomali updates and cybersecurity news straight to your inbox each month.
Subscribe Now