You See Honey, I See Beehive - Developing Honey Networks

Explore advanced cyber-defense strategies in this 30-minute RSA Conference talk by Joseph Muniz, Security Architect and Researcher at Cisco. Dive into the concept of honey networks, combining honeypots, security sensors, and continuous monitoring techniques for comprehensive breach defense. Learn about open-source and enterprise options suitable for networks of all sizes. Discover how to implement phantom network zones, design subnets for threat detection, create honeypot personas, and effectively tune your SIEM. Gain insights into unsampled NetFlow for enhanced visibility and understand the potential pitfalls of honeypot reconnaissance. Master the art of integrating multiple defense techniques to create a robust, end-to-end honey network that meets industry guidelines for cyber-defense capabilities.

Intro
Cat And Mouse Game
Basic Attack Conept
Endpoint and Branch Network
Security Capabilities
NetFlow = Visibility
Why Unsampled NetFlow?
Phantom Network Zones Concept
Phantom Network Alarm Examples
Subnets Designed for Threat Detectio
Honeypot Personas
Honeypot Usage
Beware - Honeypot Recon
Combine Phantom Networks, Honeypots +
Tuning Your SIEM
Keep it Simple