Rapid7 Research

Project Heisenberg

Furthering our understanding of the attacker mindset

An Introduction to Project Heisenberg

Project Heisenberg began in 2014 with a singular purpose: understand what attackers, researchers, and organizations are doing in, across, and against cloud environments. It does this by deploying low interaction honeypots—or computers that do not solicit services—globally and recording telemetry about connections and incoming attacks to better understand the tactics, techniques, and procedures used by bots and human attackers.

Over the years, Project Heisenberg’s impact has been two-fold: First, it has enabled us to provide a rational, objective assessment of attacker behaviors and their potential impacts. This helps establish relationships with other internet-scale researchers to create forums for collaboration and confirmation when new threats arise. Second, insights extracted from Heisenberg have raised awareness about the depth and breadth of determined attackers, opportunistic attackers, organizational misconfigurations, and what security researchers are poking for on the internet. You can explore these insights in Rapid7 studies such as Off the Chain: Observing Bitcoin Nodes on the Public Internet, The Attacker’s Dictionary, and our Quarterly Threat Reports, and see them put into practice with groundbreaking Attacker-Based Analytics in our InsightIDR product.

 

How It Works

Project Heisenberg

The Heisenberg honeypot framework is a modern take on the seminal attacker detection tool: Each Heisenberg node is a lightweight, configurable agent that is centrally deployed using well-tested tools and controlled from a central administration portal. Virtually any honeypot code can be deployed to Heisenberg agents, and all agents send back full packet captures for post-interaction analysis. Currently, we have deployed over 150 honeypots worldwide, across 5 continents.

All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7 products for live monitoring and historical data mining. When an unsolicited connection attempt is made to one of our honeypots, it often calls for further analysis.

 

Heisenberg Honeypot Technology

Ready to see this research put into practice? Explore intruder traps and Attacker-Based Analytics with a free trial of InsightIDR.

Collaborate With Us

The path to a more secure world starts with sharing knowledge. Contact our researchers to get involved.
