Modern Honey Network (MHN)

Open source platform for deploying/managing Honeypots & using their data http://threatstream.github.io/mhn/

Published in: Software, Technology

  1. Colby DeRodeff, Chief Technology Officer
     Modern Honey Network (MHN): Open Source Honeynet Management Platform
     Jason Trost, @jason_trost, jason.trost [AT] threatstream [DOT] com
  2. Who am I
     • Jason Trost (@jason_trost)
     • Senior Analytics Engineer at ThreatStream
     • Formerly at Endgame, Booz Allen, Dept. of Defense, Sandia Nat’l Labs
     • Background in Big Data Security Analytics
     • Big advocate of open source and open source contributor
       – Binary Pig – framework for large-scale static analysis using Hadoop
       – Apache Accumulo – Pig integration, Python integration, Analytics
       – Apache Storm
       – Elasticsearch plugins
     www.threatstream.com © 2014 threatstream Confidential
  3. ThreatStream
     • Cyber Security company founded in 2013 and recently closed Series A round with Google Ventures and Paladin Capital Group.
     • SaaS based enterprise security software that provides actionable threat intelligence to large enterprises and government agencies.
     • Our customers hail from the financial services, retail, energy, and technology sectors.
  4. Agenda
     • Background
     • The Problem
     • What is MHN
     • MHN Architecture
     • Demo
     • Wrap-up
  5. Background
     • Honeypots can be very useful
       – Esp. if deployed behind your firewall
       – Catch internal scanning hosts
       – Early warning system
     • Honeypot and network sensor data is useful, esp. at scale
       – Threat feeds
       – Reputation engine
       – Attack trends
       – Is this IP only attacking me? Or others?
  6. The Problem
     • Deploying/Managing Honeypots is difficult
     • These activities are harder than they should be:
       – Installing Honeypot packages
       – Managing Honeypot sensors
       – Setting up data flows
       – Analyzing the collected data
     • Because of this, honeypots are not used as much as they could be in production
     • We hope to change that
  7. What is MHN
     • Modern Honey Network
     • Open source platform for managing honeypots, collecting and analyzing their data
     • Makes it very easy to deploy new honeypots and get data flowing
     • Leverages some existing open source tools
       – hpfeeds
       – mnemosyne
       – honeymap
       – MongoDB
       – Dionaea, Conpot, Snort
       – Soon: Suricata, Kippo, others
  8. Honeypot Management
     • MHN automates management tasks
     • Deploying new honeypots
     • Setting up data flows using hpfeeds
     • Store and index the resulting data
     • Correlate with IP Geo data
     • Real-time visualization
  9. Architecture
     [Architecture diagram; labels only: Sensors (snort, conpot, dionaea, and "YOURS") – hpfeeds – MHN (Mnemosyne, Webapp, REST API) – honeymap, 3rd party apps]
  10. Demo
  11. Open Source (GPLv3)
      github.com/threatstream/MHN
  12. Future Work
      • Support for more sensors
        – Suricata
        – Glastopf
        – Shiva
        – Kippo
      • CEF output for SIEM integration
      • Better support for Red Hat/CentOS sensors
      • More data search/exploration options
  13. Questions
  14. Contact
      • Jason Trost
      • @jason_trost
      • jason.trost [AT] threatstream [DOT] com
      • github.com/jt6211
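Slide 8 lists "setting up data flows using hpfeeds" as the step MHN automates between the sensors and the server. As an added example that is not code from the slides or from the MHN project, the following Python encodes and decodes the hpfeeds AUTH and PUBLISH frames a sensor and the broker exchange, and verifies the AUTH digest on the broker side; the ident, secret, nonce and channel name are constructed values, and the frame layout and the sha1(nonce || secret) digest come from the hpfeeds protocol itself, which the slides do not describe.

```python
import hashlib
import hmac
import struct

# hpfeeds opcodes; the wire-format details below come from the hpfeeds protocol, not from the slides
OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = range(5)

def _lenstr(s: bytes) -> bytes:
    """hpfeeds 'short string': a one-byte length prefix (so at most 255 bytes) then the bytes."""
    return bytes([len(s)]) + s

def _read_lenstr(body: bytes, pos: int):
    """Read a short string at pos, rejecting truncated frames; returns (value, next_pos)."""
    end = pos + 1 + body[pos] if pos < len(body) else len(body) + 1
    if end > len(body):
        raise ValueError("truncated short string")
    return body[pos + 1:end], end

def frame(opcode: int, payload: bytes) -> bytes:
    """A frame is a 4-byte big-endian total length (header included), a 1-byte opcode, the payload."""
    return struct.pack("!IB", 5 + len(payload), opcode) + payload

def auth_message(ident: bytes, secret: bytes, nonce: bytes) -> bytes:
    """AUTH from a sensor: ident plus sha1(nonce || secret), so the secret never crosses the wire."""
    return frame(OP_AUTH, _lenstr(ident) + hashlib.sha1(nonce + secret).digest())

def publish_message(ident: bytes, channel: bytes, payload: bytes) -> bytes:
    """PUBLISH from a sensor: ident, channel, then the raw event bytes."""
    return frame(OP_PUBLISH, _lenstr(ident) + _lenstr(channel) + payload)

def parse_message(buf: bytes):
    """Decode one frame from a stream buffer; returns (opcode, fields, bytes_consumed) or None."""
    if len(buf) < 5 or len(buf) < struct.unpack("!I", buf[:4])[0]:
        return None  # wait for more bytes
    total, opcode = struct.unpack("!IB", buf[:5])
    if total < 5:
        raise ValueError("invalid frame length")  # would never advance the stream
    body, fields = buf[5:total], {}
    if opcode in (OP_AUTH, OP_PUBLISH):
        fields["ident"], pos = _read_lenstr(body, 0)
        if opcode == OP_AUTH:
            fields["digest"] = body[pos:]
        else:
            fields["channel"], pos = _read_lenstr(body, pos)
            fields["payload"] = body[pos:]
    return opcode, fields, total

def verify_auth(nonce: bytes, secret: bytes, digest: bytes) -> bool:
    """Broker-side check of an AUTH digest against the sensor's stored secret (constant-time compare)."""
    return hmac.compare_digest(hashlib.sha1(nonce + secret).digest(), digest)
```

A production reader should also cap the declared frame length before buffering, since a misbehaving sensor can otherwise make the broker hold up to 4 GB per connection.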
