Project Heisenberg began in 2014 with a singular purpose: understand what attackers, researchers, and organizations are doing in, across, and against cloud environments. It does this by deploying low interaction honeypots (computers that do not solicit services) globally and recording telemetry about connections and incoming attacks to better understand the tactics, techniques, and procedures used by bots and human attackers.
Over the years, Project Heisenberg's impact has been two-fold: First, it has enabled us to provide a rational, objective assessment of attacker behaviors and their potential impacts. This helps establish relationships with other internet-scale researchers to create forums for collaboration and confirmation when new threats arise. Second, insights extracted from Heisenberg have raised awareness about the depth and breadth of determined attackers, opportunistic attackers, organizational misconfigurations, and what security researchers are probing for on the internet. You can explore these insights in Rapid7 studies such as Off the Chain: Observing Bitcoin Nodes on the Public Internet, The Attacker's Dictionary, and our Quarterly Threat Reports, and see them put into practice with groundbreaking Attacker-Based Analytics in our InsightIDR product.
The Heisenberg honeypot framework is a modern take on the seminal attacker detection tool: Each Heisenberg node is a lightweight, configurable agent that is centrally deployed using well-tested tools and controlled from a central administration portal. Virtually any honeypot code can be deployed to Heisenberg agents, and all agents send back full packet captures for post-interaction analysis. Currently, we have deployed over 150 honeypots worldwide, across 5 continents.
All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7 products for live monitoring and historical data mining. When an unsolicited connection attempt is made to one of our honeypots, it often calls for further analysis.