It used to be that having a honeypot was a sign that you had good IT security. The reverse is now the case. Now that threats have gone from motivated to automated, determining whether you are a target is not that valuable. Everyone is now equally a target, and the threat is persistent.
Your network is now the honeypot. Bot networks and rootkits have made checking whether you are in anyone’s sights, or attempting to divert attackers, not that valuable. MSSPs, ISPs/carriers, and security vendors are the exceptions: they should spend time watching the threat trend, but this is now a macro exercise, looking for broad trends rather than finding out whether someone is gunning for you. Vendors have started to introduce “opt in” features where you can share the general information from your security product with the vendor, who in turn will process the collective information and share it back with you to help you better configure your product based on what your peers are doing.
There are only a few exceptions – maybe if you are trying to root out a specific instance of corporate espionage. But otherwise spend the time and money on cleaning up the damage that has already been done: patch management, IPS, or a tool to watch for bot infections. See our Case Study here on Procter & Gamble’s project to get ahead of botnet infections.


Greg Young



































































































