GreyNoise was founded to see what others don’t. That quest led us to build a unique global network of thousands of sensors across hundreds of strategically selected points of presence, giving cybersecurity practitioners unparalleled insight into online activity, whether malicious or benign. 

And in 2023, we saw something new.

In the second quarter of 2023 GreyNoise researchers observed a substantial change in internet scanning behavior. Malicious inventory scans significantly reduced in frequency and scale, and the vast majority of these types of scans now come from benign sources. This, along with the speed at which compromises follow vulnerability announcements, strongly suggests more capable attacker groups have implemented their own form of “attack surface monitoring”, to avoid tripping existing defenses. Attackers are now less likely to risk their reconnaissance infrastructure being detected and flagged prior to establishing confidence in a successful attack path.

A change in attacker behavior is rendering current defenses less effective. But an established technique is ready to rise to the challenge. Honeypots are back.

With attackers routing around observation and detection, traditional third-party threat intelligence cannot provide the targeted attack visibility that defenders need. A first-party, honeypot-based approach is ready to step into the breach.

While honeypot programs have traditionally struggled with deployment, operation, and data analysis, new technology is changing the game. Advances in infrastructure automation, network traffic shaping, cloud computing, and artificial intelligence make it possible to consistently identify novel attacks and reveal attacker infrastructure. New honeypot networks are easy to deploy, with flexible impersonation, believable personas, and automated analysis. Whether on an organization’s perimeter or deployed across the globe, they provide the insights defenders need to protect key systems before a breach. 

At GreyNoise, we haven’t just focused on tech leadership — we’ve brought in thought leadership as well. In order to educate the market about these new challenges, and how honeypots can help tackle them, our deception and intelligence experts Andrew Morris and Bob Rudis have published the Honeypots Are Back report. This report:

  • Breaks down targeted attacks
  • Compares third- and first-person threat intelligence
  • Discusses traditional honeypot challenges
  • Establishes a new honeypot maturity framework
  • Provides a security checklist for defenders to implement this necessary capability

To dive deeper into each of these topics, read the report here. To see a demonstration of the new honeypot capabilities under development at GreyNoise today, watch our on-demand honeypot webinar here. And if you’re ready to discuss standing up a mature honeypot network in your own environment, talk to our team

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account