Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create Who-Goes-There-Actively-Detecting-Intruders-With-Cyber-Deception-Tools.md
Showing 1 changed file with 41 additions and 0 deletions.
...nance/Who-Goes-There-Actively-Detecting-Intruders-With-Cyber-Deception-Tools.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
--- | ||
title : "Who Goes There? Actively Detecting Intruders With Cyber Deception Tools" | ||
track : Governance | ||
project : Risk and Governance | ||
type : working-session | ||
topics : | ||
featured : | ||
event : mini-summit | ||
when_year : 2024 | ||
when_month : Jan | ||
when_day : Fri | ||
when_time : WS-15-16 | ||
hey_summit : | ||
session_slack: | ||
#status : draft | ||
description : | ||
banner : | ||
organizers : | ||
- Dwayne McDaniel | ||
|
||
youtube_link : | ||
zoom_link : | ||
--- | ||
|
||
## About this session | ||
Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. | ||
|
||
Ideally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment. | ||
|
||
We know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception. | ||
|
||
You might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers into triggering alerts while they are trying to gain further access. The industry has arrived at the term honeytoken for this branch of cybersecurity tooling. | ||
|
||
Takeaways: | ||
- Analysis of recent breaches for common attack behaviors | ||
- A history of cyber deception and the evolution of honeypots in defensive strategies. | ||
- Understanding how honeytokens work | ||
- Maximizing the impact of honeytokens | ||
|
||
### Publications: | ||
https://blog.gitguardian.com/honeytokens-protect-your-holy-grail/ |
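
Review bot: The front matter leaves `description`, `topics`, `youtube_link` and `zoom_link` empty, and `when_day : Fri` gives a weekday without a date, so the metadata alone tells a reader neither what the session covers nor exactly when it runs or how to join; fill in at least `description` (the first sentence under "About this session" would serve). In the body, "honeypots, false systems, or networks meant to lure and ensnare hackers" reads as a three-item list; if the second and third terms are meant to define the first, punctuate it as a definition, for example "honeypots: false systems or networks meant to lure and ensnare hackers". The Takeaways items are punctuated inconsistently (only the second ends with a period), and the link under "### Publications:" is a bare URL that would read better as a titled list item.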