- This event has passed.
Blue Team Talk: Who Goes There? Actively Detecting Intruders With Honeytokens
August 23 @ 1:00 pm – 1:30 pm EDT
Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. Ideally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment. We know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception.
Clicking on the button above will take you
to our registration form on Cvent.
You might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers to trigger alerts while they are trying to gain further access. The industry has arrived at the term honeytoken for this branch of cybersecurity tooling.
Dwayne McDaniel has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.