SlideShare a Scribd company logo

Modern Honey Network at Bay Area Open Source Security Hackers

Download as PPTX, PDF
Jason Trost, profile picture
Jason Trost

Modern Honey Network (MHN) is an open source platform for managing honeypots, collecting and analyzing their data to make deploying and using honeypots easier. MHN automates tasks like deploying honeypots, setting up data flows, storing and indexing the collected data. The presenter, Jason Trost, is from ThreatStream, a cybersecurity company that provides threat intelligence using a SaaS platform, and is an advocate for open source security tools and contributor to several projects.

Data & Analytics
1 of 13
Downloaded 33 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Modern Honey Network (MHN) Open Source Honeynet Management Platform Colby DeRodeff Chief Technology Officer Jason Trost @jason_trost jason.trost [AT] threatstream [DOT] com
Who am I • Jason Trost (@jason_trost) • Director of ThreatStream Labs • Formerly at Endgame, Booz Allen, Dept. of Defense, Sandia Nat’l Labs • Background in Big Data Security Analytics • Big advocate of open source and open source contributor – Binary Pig – framework for large-scale static analysis using Hadoop – Apache Accumulo – Pig integration, Python integration, Analytics – Apache Storm – Elasticsearch plugins – Honeynet Project www.threatstream.com © 2014 threatstream Confidential 2
ThreatStream • Cyber Security company founded in 2013 and venture backed by Google Ventures and Paladin Capital Group. • SaaS based enterprise security software that provides actionable threat intelligence to large enterprises and government agencies. • Our customers hail from the financial services, retail, energy, and technology sectors. www.threatstream.com © 2014 threatstream Confidential 3
Agenda • Background • The Problem • What is MHN • MHN Architecture • Demo • Wrap-up www.threatstream.com © 2014 threatstream Confidential 4
Background • Honeypots can be very useful – Esp. if deployed behind your firewall – Catch internal scanning hosts – Early warning system • Honeypot and network sensor data is useful, esp. at scale – Threat feeds – Reputation engine – Attack trends – Is this IP only attacking me? Or others? www.threatstream.com © 2014 threatstream Confidential 5
The Problem • Deploying/Managing Honeypots is difficult • These activities are harder than they should be: – Installing Honeypot packages – Managing Honeypot sensors – Setting up data flows – Analyzing the collected data • Because of this, honeypots are not used as much as they could be in production • We hope to change that www.threatstream.com © 2014 threatstream Confidential 6
What is MHN • Modern Honey Network • Open source platform for managing honeypots, collecting and analyzing their data • Makes it very easy to deploy new honeypots and get data flowing • Leverages some existing open source tools – hpfeeds – nmemosyne – honeymap – MongoDB – Dionaea, Conpot, Snort, Kippo – Glastopf, Amun, and Wordpot www.threatstream.com © 2014 threatstream Confidential 7
Honeypot Management • MHN Automates management tasks • Deploying new honeypots • Setting up data flows using hpfeeds • Store and index the resulting data • Correlate with IP Geo data • Real-time visualization www.threatstream.com © 2014 threatstream Confidential 8
Architecture MH N Mnemosyne honeymap Webapp REST API 3rd party apps hpfeeds snort conpot dionaea snort conpot dionaea snort conpot dionaea Sensors Kippo Kippo Kippo Glastop f Glastop f Glastop f Amun Amun Amun www.threatstream.com © 2014 threatstream Confidential 9
Demo www.threatstream.com © 2014 threatstream Confidential 10
Open Source (GPLv3) github.com/threatstream/MHN www.threatstream.com © 2014 threatstream Confidential 11
Questions www.threatstream.com © 2014 threatstream Confidential 12
Contact • Jason Trost • @jason_trost • jason.trost [AT] threatstream [DOT] com • github.com/jt6211 www.threatstream.com © 2014 threatstream Confidential 13

More Related Content

PPTX
Modern Honey Network (MHN)
Jason Trost
 
PPTX
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Jason Trost
 
PPTX
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Jason Trost
 
PPTX
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Jason Trost
 
PPTX
Anomali Detect 2016 - Borderless Threat Intelligence
Jason Trost
 
PPTX
R-CISC Summit 2016 Borderless Threat Intelligence
Jason Trost
 
PPTX
SANS CTI Summit 2016 Borderless Threat Intelligence
Jason Trost
 
PPTX
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Cloudera, Inc.
 
Modern Honey Network (MHN)
Jason Trost
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Jason Trost
 
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Jason Trost
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Jason Trost
 
Anomali Detect 2016 - Borderless Threat Intelligence
Jason Trost
 
R-CISC Summit 2016 Borderless Threat Intelligence
Jason Trost
 
SANS CTI Summit 2016 Borderless Threat Intelligence
Jason Trost
 
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Cloudera, Inc.
 

What's hot (20)

PDF
Fighting cybersecurity threats with Apache Spot
markgrover
 
PPTX
BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
Jason Trost
 
PPTX
Episode IV: A New Scope
ThreatConnect
 
PDF
Honeynet architecture
amar koppal
 
PPTX
Open Source Malware Lab
ThreatConnect
 
PDF
Fighting cyber fraud with hadoop v2
Niel Dunnage
 
PDF
Reducing Mean Time to Know
Sqrrl
 
PPTX
Hadoop and Big Data Security
Chicago Hadoop Users Group
 
PDF
Save Time and Act Faster with Playbooks
ThreatConnect
 
PDF
Big Data Security Intelligence and Analytics for Advanced Threat Protection
Blue Coat
 
PPTX
Advanced Threat Hunting - Botconf 2017
Kevin Finley
 
PPTX
Threat Hunting for Command and Control Activity
Sqrrl
 
PDF
Managing Indicator Deprecation in ThreatConnect
ThreatConnect
 
PPTX
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
PDF
Sqrrl May Webinar: Data-Centric Security
Sqrrl
 
PDF
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Tony Cook
 
PDF
October 2014 Webinar: Cybersecurity Threat Detection
Sqrrl
 
PDF
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Chi En (Ashley) Shen
 
PDF
The Art and Science of Alert Triage
Sqrrl
 
PPTX
Next generation storage: eliminating the guesswork and avoiding forklift upgrade
Jisc
 
Fighting cybersecurity threats with Apache Spot
markgrover
 
BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
Jason Trost
 
Episode IV: A New Scope
ThreatConnect
 
Honeynet architecture
amar koppal
 
Open Source Malware Lab
ThreatConnect
 
Fighting cyber fraud with hadoop v2
Niel Dunnage
 
Reducing Mean Time to Know
Sqrrl
 
Hadoop and Big Data Security
Chicago Hadoop Users Group
 
Save Time and Act Faster with Playbooks
ThreatConnect
 
Big Data Security Intelligence and Analytics for Advanced Threat Protection
Blue Coat
 
Advanced Threat Hunting - Botconf 2017
Kevin Finley
 
Threat Hunting for Command and Control Activity
Sqrrl
 
Managing Indicator Deprecation in ThreatConnect
ThreatConnect
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl
 
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Tony Cook
 
October 2014 Webinar: Cybersecurity Threat Detection
Sqrrl
 
Catching the Golden Snitch- Leveraging Threat Intelligence Platforms to Defen...
Chi En (Ashley) Shen
 
The Art and Science of Alert Triage
Sqrrl
 
Next generation storage: eliminating the guesswork and avoiding forklift upgrade
Jisc
 

Viewers also liked (11)

PDF
Pengamanan Jaringan dengan Honeynet-Charles Lim
Directorate of Information Security | Ditjen Aptika
 
PDF
Modul metasploit
Setia Juli Irzal Ismail
 
PDF
05 tk3193-sniffing & dos
Setia Juli Irzal Ismail
 
PDF
13. representasi data 1 julv1
Setia Juli Irzal Ismail
 
PDF
17. representasi data 5 julv2
Setia Juli Irzal Ismail
 
PDF
4. alat input output jul
Setia Juli Irzal Ismail
 
PDF
14. representasi data 2 jul
Setia Juli Irzal Ismail
 
PDF
Jurnal metasploit(revisi)
Setia Juli Irzal Ismail
 
PDF
15. representasi data 3 jul
Setia Juli Irzal Ismail
 
PDF
16. representasi data 4
Setia Juli Irzal Ismail
 
PDF
Jurnal modul 3 vpn
Setia Juli Irzal Ismail
 
Pengamanan Jaringan dengan Honeynet-Charles Lim
Directorate of Information Security | Ditjen Aptika
 
Modul metasploit
Setia Juli Irzal Ismail
 
05 tk3193-sniffing & dos
Setia Juli Irzal Ismail
 
13. representasi data 1 julv1
Setia Juli Irzal Ismail
 
17. representasi data 5 julv2
Setia Juli Irzal Ismail
 
4. alat input output jul
Setia Juli Irzal Ismail
 
14. representasi data 2 jul
Setia Juli Irzal Ismail
 
Jurnal metasploit(revisi)
Setia Juli Irzal Ismail
 
15. representasi data 3 jul
Setia Juli Irzal Ismail
 
16. representasi data 4
Setia Juli Irzal Ismail
 
Jurnal modul 3 vpn
Setia Juli Irzal Ismail
 

Similar to Modern Honey Network at Bay Area Open Source Security Hackers (20)

PDF
Hortonworks sqrrl webinar v5.pptx
Hortonworks
 
PPTX
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Cloudera, Inc.
 
PDF
Security Breakout Session
Splunk
 
PPTX
Preparing for the Cybersecurity Renaissance
Cloudera, Inc.
 
PPTX
Supporting Financial Services with a More Flexible Approach to Big Data
WANdisco Plc
 
PPTX
2016 Cybersecurity Analytics State of the Union
Cloudera, Inc.
 
PDF
Big data beyond the hype may 2014
bigdatagurus_meetup
 
PPTX
Make Streaming Analytics work for you: The Devil is in the Details
DataWorks Summit/Hadoop Summit
 
PDF
C-BAG Big Data Meetup Chennai Oct.29-2014 Hortonworks and Concurrent on Casca...
Hortonworks
 
PDF
Ciso executive forum 2013
Bill Burns
 
PDF
Enterprise Apache Hadoop: State of the Union
Hortonworks
 
PDF
System Security on Cloud
Tu Pham
 
PDF
HP Enterprise Software: Making your applications and information work for you
HP Enterprise Italia
 
PDF
Open Blueprint for Real-Time Analytics in Retail: Strata Hadoop World 2017 S...
Grid Dynamics
 
PDF
Spark in the Hadoop Ecosystem-(Mike Olson, Cloudera)
Spark Summit
 
PPTX
S2DS London 2015 - Hadoop Real World
Sean Roberts
 
PPTX
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
PPTX
big data and cloud computing
Mohamed Sharique Vellikan
 
PDF
Enterprise Hadoop with Hortonworks and Nimble Storage
Hortonworks
 
PPTX
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Cristian Garcia G.
 
Hortonworks sqrrl webinar v5.pptx
Hortonworks
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Cloudera, Inc.
 
Security Breakout Session
Splunk
 
Preparing for the Cybersecurity Renaissance
Cloudera, Inc.
 
Supporting Financial Services with a More Flexible Approach to Big Data
WANdisco Plc
 
2016 Cybersecurity Analytics State of the Union
Cloudera, Inc.
 
Big data beyond the hype may 2014
bigdatagurus_meetup
 
Make Streaming Analytics work for you: The Devil is in the Details
DataWorks Summit/Hadoop Summit
 
C-BAG Big Data Meetup Chennai Oct.29-2014 Hortonworks and Concurrent on Casca...
Hortonworks
 
Ciso executive forum 2013
Bill Burns
 
Enterprise Apache Hadoop: State of the Union
Hortonworks
 
System Security on Cloud
Tu Pham
 
HP Enterprise Software: Making your applications and information work for you
HP Enterprise Italia
 
Open Blueprint for Real-Time Analytics in Retail: Strata Hadoop World 2017 S...
Grid Dynamics
 
Spark in the Hadoop Ecosystem-(Mike Olson, Cloudera)
Spark Summit
 
S2DS London 2015 - Hadoop Real World
Sean Roberts
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
big data and cloud computing
Mohamed Sharique Vellikan
 
Enterprise Hadoop with Hortonworks and Nimble Storage
Hortonworks
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Cristian Garcia G.
 

Recently uploaded (20)

PDF
Microsoft Core Cloud Services powerpoint
KamelAbouSaleh1
 
PDF
Optimise Shopper Experiences with a Strong Data Estate.pdf
Prasad Chandane
 
PPTX
FMIS 108 and AISlaudon_mis17_ppt_ch11.pptx
SadihaAfrose
 
PDF
Microsoft 365 products and services descrption
KamelAbouSaleh1
 
PPTX
retention in jsjsksksksnbsndjddjdnFPD.pptx
JayeshTaneja4
 
PPTX
Pilar Kemerdekaan dan Identi Bangsa.pptx
RyanSyah40
 
PDF
Capcut Pro Crack For PC Latest Version {Fully Unlocked 2025}
malikyahyah1122
 
PPTX
STERILIZATION AND DISINFECTION-1.ppthhhbx
DivuuJain
 
PDF
Global Data and Analytics Market Outlook Report
ssuser11803e
 
PPTX
Business_Capability_Map_Collection__pptx
anandazad4
 
PPTX
Leprosy and NLEP programme community medicine
Vinodhini Balamurugan
 
PPTX
Managing Community Partner Relationships
alexmderr
 
PPTX
sac 451hinhgsgshssjsjsjheegdggeegegdggddgeg.pptx
Akash486765
 
PDF
Transcultural that can help you someday.
jhongarin24
 
PPTX
Qualitative Qantitative and Mixed Methods.pptx
AhmaduMohammed
 
PPTX
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
PPTX
modul_python (1).pptx for professional and student
putusurya12
 
PPTX
New ISO 27001_2022 standard and the changes
Mayank Mathur
 
PPT
lectureusjsjdhdsjjshdshshddhdhddhhd1.ppt
dipa69
 
PPTX
Introduction to Inferential Statistics.pptx
CollegeofTeacherEduc3
 
Microsoft Core Cloud Services powerpoint
KamelAbouSaleh1
 
Optimise Shopper Experiences with a Strong Data Estate.pdf
Prasad Chandane
 
FMIS 108 and AISlaudon_mis17_ppt_ch11.pptx
SadihaAfrose
 
Microsoft 365 products and services descrption
KamelAbouSaleh1
 
retention in jsjsksksksnbsndjddjdnFPD.pptx
JayeshTaneja4
 
Pilar Kemerdekaan dan Identi Bangsa.pptx
RyanSyah40
 
Capcut Pro Crack For PC Latest Version {Fully Unlocked 2025}
malikyahyah1122
 
STERILIZATION AND DISINFECTION-1.ppthhhbx
DivuuJain
 
Global Data and Analytics Market Outlook Report
ssuser11803e
 
Business_Capability_Map_Collection__pptx
anandazad4
 
Leprosy and NLEP programme community medicine
Vinodhini Balamurugan
 
Managing Community Partner Relationships
alexmderr
 
sac 451hinhgsgshssjsjsjheegdggeegegdggddgeg.pptx
Akash486765
 
Transcultural that can help you someday.
jhongarin24
 
Qualitative Qantitative and Mixed Methods.pptx
AhmaduMohammed
 
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
modul_python (1).pptx for professional and student
putusurya12
 
New ISO 27001_2022 standard and the changes
Mayank Mathur
 
lectureusjsjdhdsjjshdshshddhdhddhhd1.ppt
dipa69
 
Introduction to Inferential Statistics.pptx
CollegeofTeacherEduc3
 

Modern Honey Network at Bay Area Open Source Security Hackers

  • 1. Modern Honey Network (MHN) Open Source Honeynet Management Platform Colby DeRodeff Chief Technology Officer Jason Trost @jason_trost jason.trost [AT] threatstream [DOT] com
  • 2. Who am I • Jason Trost (@jason_trost) • Director of ThreatStream Labs • Formerly at Endgame, Booz Allen, Dept. of Defense, Sandia Nat’l Labs • Background in Big Data Security Analytics • Big advocate of open source and open source contributor – Binary Pig – framework for large-scale static analysis using Hadoop – Apache Accumulo – Pig integration, Python integration, Analytics – Apache Storm – Elasticsearch plugins – Honeynet Project www.threatstream.com © 2014 threatstream Confidential 2
  • 3. ThreatStream • Cyber Security company founded in 2013 and venture backed by Google Ventures and Paladin Capital Group. • SaaS based enterprise security software that provides actionable threat intelligence to large enterprises and government agencies. • Our customers hail from the financial services, retail, energy, and technology sectors. www.threatstream.com © 2014 threatstream Confidential 3
  • 4. Agenda • Background • The Problem • What is MHN • MHN Architecture • Demo • Wrap-up www.threatstream.com © 2014 threatstream Confidential 4
  • 5. Background • Honeypots can be very useful – Esp. if deployed behind your firewall – Catch internal scanning hosts – Early warning system • Honeypot and network sensor data is useful, esp. at scale – Threat feeds – Reputation engine – Attack trends – Is this IP only attacking me? Or others? www.threatstream.com © 2014 threatstream Confidential 5
  • 6. The Problem • Deploying/Managing Honeypots is difficult • These activities are harder than they should be: – Installing Honeypot packages – Managing Honeypot sensors – Setting up data flows – Analyzing the collected data • Because of this, honeypots are not used as much as they could be in production • We hope to change that www.threatstream.com © 2014 threatstream Confidential 6
  • 7. What is MHN • Modern Honey Network • Open source platform for managing honeypots, collecting and analyzing their data • Makes it very easy to deploy new honeypots and get data flowing • Leverages some existing open source tools – hpfeeds – nmemosyne – honeymap – MongoDB – Dionaea, Conpot, Snort, Kippo – Glastopf, Amun, and Wordpot www.threatstream.com © 2014 threatstream Confidential 7
  • 8. Honeypot Management • MHN Automates management tasks • Deploying new honeypots • Setting up data flows using hpfeeds • Store and index the resulting data • Correlate with IP Geo data • Real-time visualization www.threatstream.com © 2014 threatstream Confidential 8
  • 9. Architecture MH N Mnemosyne honeymap Webapp REST API 3rd party apps hpfeeds snort conpot dionaea snort conpot dionaea snort conpot dionaea Sensors Kippo Kippo Kippo Glastop f Glastop f Glastop f Amun Amun Amun www.threatstream.com © 2014 threatstream Confidential 9
  • 10. Demo www.threatstream.com © 2014 threatstream Confidential 10
  • 11. Open Source (GPLv3) github.com/threatstream/MHN www.threatstream.com © 2014 threatstream Confidential 11
  • 12. Questions www.threatstream.com © 2014 threatstream Confidential 12
  • 13. Contact • Jason Trost • @jason_trost • jason.trost [AT] threatstream [DOT] com • github.com/jt6211 www.threatstream.com © 2014 threatstream Confidential 13

Editor's Notes

  • #2: Good evening welcome to our talk on the Modern Honey Network, an open source platform managing Honeynets
  • #7: have you tried setting up hpfeeds based data flows? It is a kind of a pain
  • #12: also open sourced a small supporting project https://github.com/threatstream/snort_hpfeeds