Talk to an expert
BLOG

Challenges with Threat Intelligence or why a Honeynet is a good idea

By Elliot Anderson  |  July 31, 2023

Shared threat intelligence is an attractive concept. The good guys share experiences about what the bad guys are doing thereby blunting attacks. This includes public-private partnerships like InfraGard, a partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

The analogy can be made to casinos that share information with each other about cheaters and their characteristics via the Gaming Board or the Griffin Book. If you share the intelligence then everybody but the cheater wins. So why not the same for cyber security?

For one thing, you are dealing with anonymous adversaries capable of rapid change, unlike the casino analogy where facial recognition can identify an individual even if their appearance is modified. Also, the behavior of the casino cheat tends to be similar (for example sit at the craps table or counting cards at blackjack as in Rain Man). In the cybersecurity world, all the defender has to go on is the type of attack (malware, phishing, ransomware), an IP range, and possibly a domain name. So the indicators of compromise (IOCs) that can be shared are file hashes, domain names, and sender email domains-all multiplying and morphing at digital speed. The IOCs are very hard to share globally at the scale and speed of the internet.

In addition, when the good guys share the IOCs, they do so in ways that are visible to bad guys as well (e.g., upload suspect files to Virus Total). This is leveraged by the bad guys to know the progress of the defenders and therefore adapt their attack.

So what now?

One solution is to implement local threat intelligence with a honeynet, a cyber-defense product that thwarts attempts by attackers to gain information about a private network. Comprised of multiple virtualized decoys strategically scattered throughout the network to lure bad actors, honeynets can provide intelligence about malicious activity against the network. This solution is effective in identify bad actors including insiders, by their behavior, in your neighborhood. This blog describes the how they differ from Threat Intelligence.

By Elliot Anderson
Challenges with Threat Intelligence or why a Honeynet is a good idea

Topics Covered

Share This

Subscribe for Exclusive Updates

Stay informed with the most recent updates, threat briefs, and useful tools & resources. You have the option to unsubscribe at any time.

Related Articles

🚨 New Webinar Alert! 🚨

Q2: SOC Quarterly Threat Briefing

🗓️ Date: July 24th, 2024
🕒 Time: 11 AM (PT)

Secure Your Spot!
Privacy PolicyTerms & ConditionsSitemapSafeHotline
magnifiercrossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram