To respond to a compromise originating inside an organization, it is critical to have in-depth intelligence about how, when, and which sensitive information was accessed. The Insider strategy involves deploying a honeynet as a fully functional production network.
In many espionage cases, intruders acquire administrative access to sensitive information through social engineering, which lets them bypass conventional security measures with ease. However, by deploying a honeypot that is indistinguishable from production assets but that provides low-level surveillance from outside the operating system, thieves have no idea they are being observed and no way to bypass that surveillance.
Real-time forensic analysis allows the rapid extraction of relevant intelligence from a sea of otherwise irrelevant user data. This knowledge, acquired in a timely fashion, can be correlated with investigations of social engineering or physical compromise on a timescale that allows successful intervention.
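The property that makes a production-indistinguishable honeypot useful for triage is that no legitimate workflow touches it, so every access is a signal rather than noise, and the analysis step reduces to attaching context to each access. The following is an added example, not code from the original page or from any product it describes. It assumes a decoy file server whose authentication and file-access events are collected out-of-band (by a hypervisor or network tap rather than an agent inside the guest) in a syslog-like line format, plus a badge-reader timeline to correlate against; the host names, log lines, users and badge events are all constructed for the example.

```python
"""Decoy-host access triage (added example; log format and data are constructed).

Every access to a decoy host becomes an Alert, and badge-reader events for the
same user shortly before the access are attached so an analyst can line up the
logical access with a physical or social-engineering investigation.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample records in an assumed syslog-like format:
# "<timestamp> <host> <process>: <message>"
DECOY_AUTH_LOG = """\
2024-03-04T09:12:07Z fileserv-07 sshd: Accepted password for jsmith from 10.20.4.15
2024-03-04T09:12:31Z fileserv-07 smbd: user jsmith opened /finance/Q1_forecast.xlsx
2024-03-04T09:13:02Z fileserv-07 smbd: user jsmith opened /finance/board_deck.pptx
2024-03-04T11:40:10Z fileserv-07 sshd: Failed password for root from 10.20.9.2
"""

# Constructed physical-access events: (timestamp, badge holder, reader).
BADGE_EVENTS = [
    ("2024-03-04T09:05:00Z", "jsmith", "server-room-door"),
    ("2024-03-04T16:00:00Z", "mlee", "lobby"),
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*)$")
# Two message shapes carry the user name: "... for <user> ..." and "user <user> ...".
USER_RE = re.compile(r"\bfor (?P<user>\w+)\b|\buser (?P<user2>\w+)\b")


@dataclass
class Alert:
    ts: datetime
    host: str
    user: str
    detail: str
    related_badge: list  # badge events for the same user inside the window


def parse_ts(value):
    """Parse the constructed ISO-8601 UTC timestamp used in the sample data."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def triage(log_text, decoy_hosts, badge_events, window=timedelta(minutes=30)):
    """Return one Alert per event on a decoy host, with the badge events for the
    same user that occurred within `window` before the event attached."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["host"] not in decoy_hosts:
            continue  # not a decoy: ordinary production traffic, out of scope here
        ts = parse_ts(m["ts"])
        um = USER_RE.search(m["msg"])
        user = (um["user"] or um["user2"]) if um else "unknown"
        related = [
            ev for ev in badge_events
            if ev[1] == user
            and 0 <= (ts - parse_ts(ev[0])).total_seconds() <= window.total_seconds()
        ]
        alerts.append(Alert(ts, m["host"], user, f'{m["proc"]}: {m["msg"]}', related))
    return alerts


def users_touching_decoys(alerts):
    """Distinct users seen on decoy hosts, in first-seen order."""
    seen = []
    for a in alerts:
        if a.user not in seen:
            seen.append(a.user)
    return seen


if __name__ == "__main__":
    for a in triage(DECOY_AUTH_LOG, {"fileserv-07"}, BADGE_EVENTS):
        print(a.ts.isoformat(), a.host, a.user, a.detail, a.related_badge)
```

Because the decoy set is the only thing distinguishing signal from noise, the list of decoy hosts is the part to protect: it is known to the monitoring layer outside the guest and never to the user population.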
