When attackers gain access to a system, they immediately look for ways to gain more control. One of the easiest ways to expand their presence is to find plaintext credentials lying around in code, config, or logs.
By the time an intrusion is detected, it is likely too late. What you need is an alarm to let you know someone is intruding while they are intruding. That is where honeytokens come in.
Honeytokens are credentials that don't actually grant any access, instead triggering alerts that report the intruder's activity.
If you are working to detect and stop intruders in their tracks, then this session is for you.
Takeaways: Understanding how honeytokens work Maximizing the impact of honeytokens Deploying honeytokens at scale with automation Open Source and Enterprise options