HONEYPOTS: NATIONAL SECURITY

Our client, a National Security organization, is working on a cyber-secure Netherlands. Dutch organizations in vital sectors and central government are obliged to report serious digital security incidents to this organization. For them, digital infrastructure is vitally important: from payment services to clean tap water and flood prevention.

PURPOSE

This organization faced a growing challenge: understanding what threats were truly out there. Most intelligence came after incidents had already occurred—too late to act proactively. They wanted something better: a real-time, nationwide view of the cyber threat landscape.

The question was simple but critical:
What is actually happening on the internet right now? What are attackers scanning for, and what vulnerabilities are they targeting across Dutch infrastructure?

IMPACT

Over 40 deployed honeypots collected over 9 billion payloads, giving the organization its clearest picture yet of the current threat environment.

All data was processed in Raven, where it was enriched with metadata (such as user agents and reverse DNS) and analyzed using string similarity to detect unknown or evolving payloads. This allowed the National Security organization to identify trends, discover new threats earlier, and improve recommendations to public and private sector partners. Without this project, the organization would have continued to operate with blind spots in its view of the threat landscape.

MISSION

To answer that question, we deployed our threat intelligence platform, Raven. We set out to build a network of honeypots—digital traps that simulate vulnerable systems—across forty different hosting providers throughout the Netherlands. These honeypots would become silent observers, capturing live attack data from all corners of the internet.

Challenges included keeping the honeypots live across different providers, filtering out irrelevant traffic, and scaling analysis across massive data volumes.