ICS honeypots and honeynets have been around for more than a decade. Many are low interaction that don’t fool basic scanners and others are very difficult to tell from the real thing. To date, most of the deployments are for threat analysis and threat statistics, but should you be considering an ICS honeypot as a detection tool? A canary that will sing and give you an early warning of an attack. Or will the attacker you should worry about know it is a honeypot and not touch it.
In this session two experts who have experience building and deploying ICS honeypots will tell you how they can best be used and when they should be considered in your ICS cyber incident detection journey.