Organizations typically focus on monitoring inbound and outbound network traffic via firewalls, yet ignore internal network traffic due to the complexity involved. In the scenario above, a firewall will not protect or alert us.
By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor. Since there isn’t a good reason to interact with it (since it doesn’t do anything), activity on the Raspberry Pi is usually indicative of something roaming around our network and a possible security breach.
via Create an Army of Raspberry Pi Honeypots on a Budget | ThreatStream.