Overview
Explore the deployment of honeypots for gathering actionable threat intelligence in this conference talk from Circle City Con 2015. Learn about different types of honeypots, their interaction levels, and how to increase accuracy in threat intelligence collection. Discover the importance of making honeypots look legitimate, adding production value, and considerations for virtualization and cloud environments. Gain insights into examples of canaries, the market watch segment, and future developments in the field. Follow along as the speaker covers threat intelligence phases, SIEM integration, and common problems encountered when using honeypots for cybersecurity purposes.
Syllabus
Intro
Backstory
What this talk is about
DISCLAIMER
Outline
What is threat intelligence?
TI Phases
Collection
Data / Event Correlation
SIEM
How do we increase accuracy?
What's a honeypot?
Common Problems
Low Interaction Honeypots
Medium Interaction Honeypots
High Interaction Honeypots
Why High Interaction for TI?
Making It Count
They MUST look legit
Adding Production Value
HI Honeypot Considerations
Considerations With Virtualization
Cloud Considerations
Examples of Canaries
Market Watch
Recap
Conclusion
Next Development
References
People to Follow