HoneyPoint Agent Helps Another Client

Just got an interesting report in from another client helped by HoneyPoint Agent. This time, the client detected a probe against a SQL Server port that seemed to be coming from several hosts on their internal network.
The probe was aimed at identifying SQL Server installations, and while the story seems familiar, the probe itself was different. In this case, the client had network-based intrusion detection tools and other elements of signature-based visibility. However, the probe they were seeing was a new type of probe and signatures had not yet been created. Thus, the signature-based tools were basically blind to the scans of this malware, even while it was beginning to spread across their environment.
HoneyPoint Agent, on the other hand, simply detected the illicit traffic. Since deployed HoneyPoints are not real services, any contact with them should be considered suspicious at best or malicious at worst. In this case, the traffic was indeed malicious. HoneyPoint tipped them off to the source IPs of the scanning and even gave them the data they needed to build network signatures for their network-based detection tools. Several hours later, they had significant intelligence into the scope, capability, source and methods of what they were facing. HoneyPoint had not only served as an early warning system, but had also given them the knowledge to grow their visibility into the overall impact of the security incident.
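The triage described above, sketched as an added example (not HoneyPoint code and not from the original post): every contact with a decoy port counts as an alert, sources are grouped, and the bytes they share become a candidate signature. The port number, event format and sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

DECOY_PORT = 1433  # assumed: SQL Server's default TCP port; the post does not state the port

# Constructed decoy-contact events (not data from the incident):
# (time, source IP, destination port, first payload bytes as hex)
EVENTS = [
    ("09:14:02", "10.20.4.17", 1433, "a1b2c3d400017f"),
    ("09:14:09", "10.20.4.52", 1433, "a1b2c3d4000203"),
    ("09:15:31", "10.20.7.8", 1433, "a1b2c3d40001ff"),
    ("09:15:40", "10.20.4.17", 1433, "a1b2c3d4000310"),
    ("09:16:12", "10.20.9.3", 8080, "474554202f"),  # not the decoy port, ignored
]

def contacts_by_source(events, port=DECOY_PORT):
    """Group payloads by source. A decoy has no legitimate clients, so every
    contact is kept; there is no allow-list or baseline to consult."""
    by_src = defaultdict(list)
    for _time, src, dport, payload_hex in events:
        if dport == port:
            by_src[src].append(bytes.fromhex(payload_hex))
    return dict(by_src)

def internal_sources(by_src):
    """Sources in private address space: hosts on our own network to isolate."""
    ips = sorted(ipaddress.ip_address(s) for s in by_src)
    return [str(ip) for ip in ips if ip.is_private]

def common_prefix(payloads):
    """Longest byte prefix shared by all payloads (compare lexicographic min and max)."""
    lo, hi = min(payloads), max(payloads)
    n = 0
    while n < len(lo) and lo[n] == hi[n]:
        n += 1
    return lo[:n]

def candidate_signature(by_src, min_sources=2, min_len=4):
    """Hex of the shared prefix when enough distinct sources sent it, else None.
    A starting point for an IDS content match, to be checked against normal
    traffic before deployment."""
    payloads = [p for plist in by_src.values() for p in plist]
    if len(by_src) < min_sources or not payloads:
        return None
    prefix = common_prefix(payloads)
    return prefix.hex() if len(prefix) >= min_len else None

if __name__ == "__main__":
    grouped = contacts_by_source(EVENTS)
    print(internal_sources(grouped), candidate_signature(grouped))
```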
I love it when customers tell us about how HoneyPoint helped them in a time of need. I truly appreciate it when they catch malware early on and get to take quick, decisive defensive action. We might not win all of the battles in the infosec war, but when we do win a few and something we made helps turn the tide, it makes the MSI team very happy indeed!
This entry was posted in HoneyPoint by Brent Huston.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!
