Project Heisenberg began in 2014 with a singular purpose: understand what attackers, researchers, and organizations are doing in, across, and against cloud environments. It does this by deploying low-interaction honeypots (computers that do not solicit services) globally and recording telemetry about connections and incoming attacks to better understand the tactics, techniques, and procedures used by bots and human attackers.
Over the years, Project Heisenberg’s impact has been two-fold: First, it has enabled us to provide a rational, objective assessment of attacker behaviors and their potential impacts. This helps establish relationships with other internet-scale researchers to create forums for collaboration and confirmation when new threats arise. Second, insights extracted from Heisenberg have raised awareness about the depth and breadth of determined attackers, opportunistic attackers, organizational misconfigurations, and what security researchers are poking for on the internet. You can explore these insights in Rapid7 studies such as Off the Chain: Observing Bitcoin Nodes on the Public Internet, The Attacker’s Dictionary, and our Quarterly Threat Reports, and see them put into practice with groundbreaking Attacker-Based Analytics in our InsightIDR product.
The Heisenberg honeypot framework is a modern take on the seminal attacker detection tool: Each Heisenberg node is a lightweight, configurable agent that is centrally deployed using well-tested tools and controlled from a central administration portal. Virtually any honeypot code can be deployed to Heisenberg agents, and all agents send back full packet captures for post-interaction analysis. Currently, we have deployed over 150 honeypots worldwide, across 5 continents.
All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7 products for live monitoring and historical data mining. An unsolicited connection attempt to one of our honeypots often calls for further analysis.
In this video, Bob Rudis, Chief Data Scientist at Rapid7, introduces you to the two foundational projects of Rapid7 Labs’ research—Sonar and Heisenberg.
With blockchain’s increasing popularity comes attractiveness to attackers, increased surface area for attacks, and growing challenges for defenders. Are bitcoin nodes behaving badly? Our researchers used Project Heisenberg to find out.
In the Attacker’s Dictionary, our researchers employ Project Heisenberg to delve into the passwords opportunistic attackers use to compromise RDP endpoints.