Five Ways to Include MHN in Your Security Strategy | Anomali

Honeypots are versatile tools to add to your cyber-security arsenal. Using a sandbox environment to entice hackers is a great research tool. Not only are you preserving your legitimate network from harm, visitors leave important clues about their identity and objectives.

The Modern Honey Net is growing in popularity as an affordable and fully customizable means to starting a low stakes environment in which to collect cyber threat intelligence. MHN uses open source code which is free to download. The platform facilitates highly important information analysis which results in salient, actionable intelligence. It’s more affordable and has opened up a new class of threat intelligence gatherers.

A honeypot has a relatively low instance of false positives. By design, most traffic going to your deception trap is suspicious, and the rest is usually some kind of incidental ping from the firewall or another automated hit. Usable intelligence exists within context, so it’s important to use a platform like MHN which will allow you to enter custom criteria which wouldn’t indicate trouble to every user. It’s a platform as well as a movement, as MHN gives users a means to share intelligence with others.

Here are some specific applications to leverage the power of MHN yourself.

1. Protect crucial files. Set up a honeytrap that will identify external spies and attract internal threats. Traffic to phony folders can reveal the identity and objectives of an outside hacker or an internal mole.

2. Protect your email inboxes. Most malware attacks are delivered via email, so it’s paramount to filter out phishing emails. Email security settings must be informed well enough about existing threats to block known hostile IP addresses and notorious spammers. Malware infections have quadrupled since this time last year.

3. Correlate threats. If your security applications like SIEM and email spam filters don’t communicate, you are unable to see the full picture. Using MHN to study all sources of suspicious traffic will reveal patterns such as objectives, timing, and source location of threats.

4. Stop enemies before they start. Customize your threat intelligence platform to alert you of known adversaries. Custom define potential threats you identify yourself or through circles of trust. “Hactivist alerts” use collected intelligence to identify known participants of rogue or notorious hacking societies.

5. Prepare yourself for attempted large scale attacks. Considered the epitome of network exploitation, Directed Denial of Service attacks are costly and humiliating. Many victims are caught unaware, although early signs are detectable in hindsight. Knowing that, your system may be able to monitor traffic for early signs of an impending onslaught.

The intelligence gathering strategy used by MHN has been an established technique for years. When you host an entity with the expectation it will be visited by threat actors, take care to ensure it’s well hidden. When you have a string of convincing deception traps throughout your existing workspace, you’re on track to be well informed. Only with accurate and timely information can you protect your network against all manner of threats.

View The Webinar Here


Modern Honey Network

Related Content

Get the Anomali Newsletter

The latest Anomali updates and cybersecurity news, delivered straight to your inbox each month.