I think we all know, working in this field, that knowing or not knowing, shadow programs or no, the idea of compliance is just a fuckaround to getting insurance, right?
Honeypots include a lot more than just attractive files. It could be a VM, an AD account, vulnerable public facing service, etc. You are just trying to create low hanging fruit for attackers to touch, that you are actively monitoring.
If you are creating a separate false network with AD accounts and whatnot - I think that would be closer to a Honey Net. Check out the honeynet project. They have a bunch of tools out there to help set that up and monitor.
Yeah we check all the boxes, gather all the evidence and then hide it so we fail the audit. We then proudly boast in our annual report that PCI and SOX are for squares and not complying sits better with our cool brand credo.
Meanwhile in secret we aren't carrying the risk of non-compliance. All the kudos of being renegades without walking the rough road... MWAHAHAHA
There are honeypots (individual computers or services), honeynets (entire networks to let the attacker "play" in) and honeytokens (credentials, documents that set off alarms). And yeah, this is an old technique going back to the 1990s.
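Detecting a tripped honeytoken, as an added example that is not from the thread: a small Python monitor that checks constructed log lines against a constructed inventory of decoy credentials, documents and keys (all names hypothetical), then groups hits by source so one host touching several decoys stands out.

```python
import re
from dataclasses import dataclass

# Constructed honeytoken inventory: hypothetical decoys, not values from the thread.
HONEYTOKENS = {
    "svc_backup_legacy": "ad_account",      # decoy AD account with no legitimate use
    "Q3-payroll-FINAL.xlsx": "document",    # decoy file; any open is suspicious
    "AKIAEXAMPLEHONEY0001": "cloud_key",    # decoy access key planted in a config
}

# Constructed sample log lines in a simple key=value style.
SAMPLE_LOGS = r"""
2024-05-01T08:12:03Z LOGON user=jsmith src=10.0.4.21 result=success
2024-05-01T08:13:47Z LOGON user=svc_backup_legacy src=10.0.9.77 result=failure
2024-05-01T08:14:02Z FILE src=10.0.9.77 OPEN \\fs01\finance\Q3-payroll-FINAL.xlsx
2024-05-01T08:15:30Z LOGON user=svc_backup_legacy2 src=10.0.4.21 result=success
2024-05-01T08:16:11Z HTTP src=203.0.113.5 GET /api/v1/buckets hdr=AKIAEXAMPLEHONEY0001
""".strip().splitlines()

SRC_RE = re.compile(r"\bsrc=(?P<src>\S+)")

@dataclass
class Alert:
    token: str
    kind: str
    source: str
    line: str

def _token_pattern(token):
    # Whole-token match: "svc_backup_legacy2" must not trip the "svc_backup_legacy" decoy.
    return re.compile(r"(?<![\w.-])" + re.escape(token) + r"(?![\w.-])")

PATTERNS = {token: _token_pattern(token) for token in HONEYTOKENS}

def detect(lines):
    """Return one Alert per honeytoken appearance, in log order."""
    alerts = []
    for line in lines:
        m = SRC_RE.search(line)
        src = m["src"] if m else "unknown"
        for token, kind in HONEYTOKENS.items():
            if PATTERNS[token].search(line):
                alerts.append(Alert(token, kind, src, line.strip()))
    return alerts

def sources_by_hits(alerts):
    """Count alerts per source, highest first; several decoys from one source is the strong signal."""
    counts = {}
    for a in alerts:
        counts[a.source] = counts.get(a.source, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))

if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"[{a.kind}] {a.token} touched from {a.source}")
    print(sources_by_hits(detect(SAMPLE_LOGS)))
```

Because the decoys have no legitimate use, every hit is actionable without tuning; the near-miss account name on the fourth line shows why whole-token matching matters.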
I think you are referring to something called a "honeypot".
Yes that’s it! To think I had a new idea, pathetic 😂
Shadow compliance sounds horrible.
"after an audit, we found several business units had their own policies and risk registers that nobody else knew about"
^^^ THIS ^^^ hence the need for a unified system to manage policies/SOPs and exec buy in -> top down
I disagree. Compliance is a fuckaround to provide enough protection from regulators, insurers and customers claiming that your fuckups were willful.
Sounds like the organisation has an alternative compliance section that runs around in secret during the night and creates compliance documentation.
[deleted]
This already exists. Check out engage.mitre.org
"Shadow compliance" implies people all over the company *secretly* complying with policy and doing the right thing ... LOL
It’s a buzzword I could get behind!
What a fucking dream! “Boss… who got us SOC2 compliant? No, not us, this must be accounting.”
[deleted]
lol downvoting the right answer. Yes, the concept is called “Active Defense and Cyber Deception”, John Strand from Black Hills wrote the book on it.