Tool aims to help enterprise IT manage 'honeypot' hacker decoys

A new tool called the Modern Honey Network (MHN) aims to make deploying and managing large numbers of honeypots easier so that enterprises can adopt such systems as part of their active defense strategies.

Honeypots are systems that are intentionally left vulnerable to a variety of attacks in order to attract hackers and monitor their tools, techniques and intentions. They were once almost exclusively used by security vendors, researchers and computer emergency response teams, but have increasingly become an important source of threat intelligence for businesses in recent years.

There are many honeypot software packages available and most of them are free to use and open source. However installing, configuring and monitoring honeypots remains a somewhat complicated process that requires specialized knowledge.

The MHN project launched Thursday by ThreatStream, a threat intelligence provider in Redwood City, California, attempts to tackle that problem with a new open-source platform that allows enterprise security teams to easily manage large numbers of honeypots with visibility inside and outside their networks.

MHN can be used to deploy sensors like Dionaea, Conpot, Kippo and Snort and collect attack data from them using hpfeeds, a honeypot data feed protocol. The platform can then index the data and generate real-time visualizations using IP address geo-location information.

MHN also provides a REST API (representational state transfer application programming interface), meaning that users can build custom applications to interact with the system. The developers are also working on adding support for CEF (Common Event Format) and STIX (Structured Threat Information Expression), which will allow the system to be integrated directly with existing Security Information and Event Management (SIEM) products.

MHN was released on GitHub under the GNU Lesser General Public License (LGPL).