Object First Honeypot Demo with Geoff Burke

Tech Field Day, Mar 26, 2026

Why It Matters

The built‑in honeypot provides immediate threat detection and a cost‑effective deterrent, strengthening an organization’s security posture before attackers reach critical assets.

Key Takeaways

  • Honeypot feature integrates directly into the Object First appliance dashboard.
  • Enables one‑click activation with static or DHCP IP configuration.
  • Generates real‑time alerts via email, SIEM forwarding, Slack, etc.
  • Emulates vulnerable Windows services to attract and detect attackers.
  • Provides preventive deterrence by exposing honeypot presence to intruders.

Summary

Geoff Burke walked attendees through Object First’s built‑in honeypot demo, showcasing a turnkey security layer that lives inside the appliance yet remains isolated from production traffic. The feature is activated with two clicks in the Settings → Security menu, offering either a static or DHCP address, and immediately begins logging suspicious activity.

The demo highlighted real‑time visibility: events appear on the dashboard, and administrators can enable email, SIEM forwarding, or Slack notifications to feed alerts into existing monitoring pipelines. Integration with Grafana and InfluxDB was demonstrated, illustrating how raw syslog events can be visualized and correlated with other telemetry.

During the live test, Burke used Zenmap to scan the honeypot, triggering alerts for protocols such as RDP, SQL Server, and a faux Windows repository. The system flagged the probes while presenting the IP as a decoy: a high‑value target whose cluster of services quickly reveals its honeypot nature to savvy attackers.
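For teams that forward the honeypot's events to a SIEM, the triage below is an added example, not Object First's code or taken from the demo. It reports every source that touches the decoy and tags a source as a sweep when it hits several decoy services within a short window, as a scan like the one in the live test would. The syslog line layout (`src=`, `dport=`, `service=`), the host name, the addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The field layout (src=, dport=, service=) is an
# assumption for illustration, not Object First's actual syslog format.
SAMPLE_LOG = """\
2026-03-23T02:00:01Z decoy01 honeypot: src=10.0.5.23 dport=3389 service=rdp
2026-03-23T02:00:02Z decoy01 honeypot: src=10.0.5.23 dport=1433 service=mssql
2026-03-23T02:00:02Z decoy01 honeypot: src=10.0.5.23 dport=445 service=smb
2026-03-23T02:00:03Z decoy01 cron: unrelated line that must be skipped
2026-03-23T09:15:40Z decoy01 honeypot: src=10.0.7.8 dport=3389 service=rdp
2026-03-23T11:42:10Z decoy01 honeypot: src=10.0.7.8 dport=1433 service=mssql
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ honeypot: src=(?P<src>\S+) dport=(?P<dport>\d+) service=(?P<svc>\S+)$"
)

def parse(text):
    """Yield (timestamp, source, service) for each well-formed honeypot event."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["src"], m["svc"]

def triage(text, window=timedelta(seconds=60), sweep_services=3):
    """Report every source; tag it 'sweep' if it hits several services within `window`."""
    by_src = defaultdict(list)
    for ts, src, svc in parse(text):
        by_src[src].append((ts, svc))
    report = {}
    for src, events in by_src.items():
        events.sort()
        verdict = "touch"  # any contact with a decoy is already worth an alert
        # Start a window at each event and count distinct services inside it.
        for i, (start, _) in enumerate(events):
            seen = {svc for ts, svc in events[i:] if ts - start <= window}
            if len(seen) >= sweep_services:
                verdict = "sweep"
                break
        report[src] = {"verdict": verdict, "events": len(events),
                       "services": sorted({s for _, s in events}),
                       "first_seen": events[0][0].isoformat()}
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```

A "touch" still deserves an alert, since nothing legitimate should connect to the decoy; the "sweep" tag only helps prioritize sources that look like active reconnaissance.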

By embedding a realistic Windows service emulation, Object First gives organizations early warning of reconnaissance attempts while simultaneously deterring further intrusion, all without additional hardware or licensing costs.

Original Description

Senior Technology Advisor Geoff Burke showcases the integrated honeypot functionality built into the Object First appliance. Designed as a digital tripwire, the honeypot is physically hosted on the appliance but logically segmented to ensure security. It serves as an early warning system to detect lateral movement and reconnaissance efforts by attackers who typically probe the network to identify high-value targets. By mimicking juicy targets like a Veeam Windows Repository or SQL Server, the honeypot lures hackers into interacting with it, allowing the system to trigger immediate alerts before the actual backup data is compromised.
The setup process is intentionally simple, requiring only two clicks within the security settings to enable the honeypot with either a static or DHCP IP address. Once active, the system monitors for unauthorized access attempts and can be configured to send notifications via email or Syslog to a Security Information and Event Management (SIEM) platform or tools like Grafana. In a live demonstration, Burke uses the Zenmap utility to perform an "intense scan" against the honeypot's IP. The Object First dashboard immediately lights up with events, capturing the attacker's attempts to probe protocols such as RDP and specialized Veeam services.
The honeypot provides both reactive and preventative benefits for organizations. Reactively, it ensures that IT admins are alerted to an intrusion at any hour—specifically targeting the "Friday night at 2:00 AM" window when many ransomware attacks begin. Preventatively, the visibility of these juicy but fake services can act as a deterrent. A sophisticated hacker who recognizes a cluster of high-value services on a single IP may realize they have hit a honeypot and retreat to avoid further detection. By integrating this feature for free, Object First adds a layer of proactive defense to their absolute immutability strategy, ensuring customers have the tools to stop an attack in its early stages.
Presented by Geoff Burke, Senior Technology Advisor. Recorded live at Tech Field Day Extra at RSAC 2026 in San Francisco on March 23, 2026. Watch the entire presentation at https://techfieldday.com/appearance/object-first-presents-at-tech-field-day-extra-at-rsac-2026/ or visit https://techfieldday.com/event/rsac2026/ or https://ObjectFirst.com/ for more information.
