Many folks have asked for a quick review of the way HoneyPoint users progress as they grow their confidence in the product suite and in their capability to manage threat data. To help answer those questions and to give folks a quick way to check out how some folks use HoneyPoint beyond simple scan/probe detection, we put together this quick maturity model to act as a roadmap. If you are interested in hearing more about a specific set of functions or capabilities, give us a call or drop us a line. We would be happy to walk you through the model or any of the specific items. HoneyPoint users, feel free to engage with support if some of this sparks a new idea for how your organization can deepen your own HoneyPoint use cases.
The HoneyPoint Maturity Model (PDF)
Furthering the discussion on how detection in depth works, here is an example. This is a diagram that shows an asset (in this case PII) in a database that is accessed via a PHP web application. The diagram shows the various controls around detection in place to protect the data at the various focus levels for detection. As explained in the maturity model post before, the closer the detection control is to the asset, the higher the signal to noise ratio it should be and the higher the relevance o the data should be to the asset being protected (Huston’s Postulate). Hopefully, this diagram helps folks see a working example of how detection in depth can be done and why it is not only important, but increasingly needed if we are going to turn the tide on cyber-crime. As always, thanks for reading and feel free to engage with ideas in comments or seek me out on Twitter (@lbhuston) and let me know what you think.
Detection In Depth Focus Model (PDF)
