Project Heisenberg began in 2014 with a singular purpose: understand what attackers, researchers, and organizations are doing in, across, and against cloud environments. It does this by deploying low-interaction honeypots—or computers that do not solicit services—globally and recording telemetry about connections and incoming attacks to better understand the tactics, techniques, and procedures used by bots and human attackers.
Over the years, Project Heisenberg’s impact has been two-fold: First, it has enabled us to provide a rational, objective assessment of attacker behaviors and their potential impacts. This helps establish relationships with other internet-scale researchers to create forums for collaboration and confirmation when new threats arise. Second, insights extracted from Heisenberg have raised awareness about the depth and breadth of determined attackers, opportunistic attackers, organizational misconfigurations, and what security researchers are poking for on the internet. You can explore these insights in Rapid7 studies such as Off the Chain: Observing Bitcoin Nodes on the Public Internet, The Attacker’s Dictionary, and our Quarterly Threat Reports, and see them put into practice with groundbreaking Attacker-Based Analytics in our InsightIDR product.
The Heisenberg honeypot framework is a modern take on the seminal attacker detection tool: Each Heisenberg node is a lightweight, configurable agent that is centrally deployed using well-tested tools and controlled from a central administration portal. Virtually any honeypot code can be deployed to Heisenberg agents, and all agents send back full packet captures for post-interaction analysis. Currently, we have deployed over 150 honeypots worldwide, across 5 continents.
All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7 products for live monitoring and historical data mining. When an unsolicited connection attempt is made to one of our honeypots, it often calls for further analysis.
In this video, Bob Rudis, Chief Data Scientist at Rapid7, introduces you to the two foundational projects of Rapid7 Labs’ research—Sonar and Heisenberg.
With blockchain’s increasing popularity comes attractiveness to attackers, increased surface area for attacks, and growing challenges for defenders. Are bitcoin nodes behaving badly? Our researchers used Project Heisenberg to find out.
In the Attacker’s Dictionary, our researchers employ Project Heisenberg to delve into the passwords opportunistic attackers use to compromise RDP endpoints.