Running A Factory: A Realistic, High Interaction ICS Honeynet

Main Stage

We’ve all heard about honeypots, and maybe even have deployed one. This Honeynet is like no other that has been built. Painstakingly over the course of a few months we designed, setup, and built a factory honeypot that was so real that we could have started making products with it. Was it enough to lure attackers in to think they were breaking into a real factory?

Stephen will discuss some of the history with similar and more basic ICS honeypots built and monitored at Trend Micro. Then, he will show how this one is different, and how much effort was put into building it to make it look realistic as a complete ICS and a company that would have this ICS.

You will learn what kind of attacks were seen … scans, interactions, and other findings of running the honeynet (which has been running since May 2019). Finally the session will wrap up with some recommendations based on the findings from running this honeynet.

Attacks and Attackers Detection & Response