I recently spoke at a Charleston ISSA meeting about using honeypots as an effective part of an organization’s network security monitoring strategy. I devote an entire chapter to this in the Applied NSM book.
You can view the slides from this presentation here: