You are probably right, but ‘both’ is the easy answer I’d think.
The question really was what the intention is, not the effect.
Catching attacks from within the organisation might just be a side-effect of catching remote hackers, for example. The effect is then ‘both’, but the intention is the latter.
Why the question deserves a better answer than “why not both” is that the reasoning behind using internal honeypots is interesting. Which arguments speak for it, which against.
So let’s not kill this question thread with too shallow an answer.