New free tools and services aimed at making honeynets more manageable are now becoming available: The Honeynet Project next month will roll out its new Global Distributed Honeynet as well as new honeynet tools, Dark Reading has learned, while the New Zealand Honeynet Alliance has begun offering client-based honeynet services for organizations that can’t run their own servers. Most enterprises have avoided running these servers for fear of inviting trouble and because managing them and sifting through the data has been a time-consuming, resource-intensive process. And while honeynets provide lots of attacker- and attack data, they’re passive nodes that don’t actually stop attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"
“We are aware that in the past installing and maintaining and analyzing data from honeynets has been somewhat resource intensive,” says Ralph Logan, principal with The Logan Group and vice president of the Honeynet Project. The services are based on a new version of the alliance’s Capture-HPC client honeypot software. He says the tools are intended for organizations that can’t or don’t want to have their own client honeynet.<\/p>\n
Meanwhile, the Honeynet Project’s soon-to-be-announced Global Distributed Honeynet, a distributed network of honeynets, automatically analyzes honeypot attack data gathered from various honeypot and honeynet locations around the world.<\/p>\n
Kevin Mandia, who worked on the Honeynet Project until 2001, says honeynets are great for research and academia, but he would not recommend any of his clients in the government and enterprise world put one up.<\/p>\n
Honeynets determine the “who and why” of insider attacks, notes Logan, versus security products such as firewalls and IDS that look more at the when, how, and what.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=122352&WT.svl=news2_5<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1532","post","type-post","status-publish","format-standard","hentry","category-product"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1532"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1532\/revisions"}],"predecessor-version":[{"id":4019,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1532\/revisions\/4019"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}