Know. When it Matters!

Most companies discover they've been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out why our Hardware, VM and Cloud-based Canaries are deployed and loved on all 7 continents...

Canary Console

What people say about Thinkst Canary

It’s pretty rare to find a security product that people can tolerate. It’s near impossible to find one that customers love. You can find a selection of unsolicited tweets and emails on our Thinkst Canary here.

Complete list of enterprise security products I recommend (evergreen edition):

1) @ThinkstCanary

2) @duosec

3) @Yubico

Their on-prem canary is one of the only things that caught me right away in post-exploitation without my knowing I was burned. Solid concept and product.

I have to give a shout out to @ThinkstCanary for being awesome. They not only have a great product but also great people behind it. 🦅

Don’t think, just get them ;). I was a former customer (changed roles). What will you get from them? The best support, easy interface, great price and the most accurate alert in your environment. #canarylove

If you have networks, and you care about protecting them, go give @haroonmeer some coins for a bag of @ThinkstCanary. They’re ace.

+1. We ❤️ our Canaries.

Why Thinkst Canary?

Because thousands of ignored alerts help nobody!

Tons of security products would be useful, if only you changed everything you did and made them the centre of your universe. This never happens, so they sit half deployed forever. Thinkst Canary doesn’t try to monopolise your time or dominate your thinking. Deploy your birds and forget about them. We will remain silent until you need us most…

One alert. When it matters!

How it works?

Your Thinkst Canaries

Order, configure and deploy your Canaries throughout your network. (These can be hardware, virtual or cloud-based birds!) Make one a Windows file server, another a router, throw in a few Linux webservers while you're at it. Each one hosts realistic services and looks and acts like its namesake.

Then you wait. Your Thinkst Canaries run in the background, waiting for intruders.

Attackers prowling a target network look for juicy content. They browse Active Directory for file servers and explore file shares looking for documents, try default passwords against network devices and web services, and scan for open services across the network.

When they encounter a Thinkst Canary, the services on offer are designed to solicit further investigation, at which point they’ve betrayed themselves, and your Canary notifies you of the incident.

Your Console

Each customer gets their own hosted management console which allows you to configure settings, manage your Thinkst Canaries and handle events.

Your Thinkst Canaries constantly report in, and provide an up-to-the-minute report on their status (but this isn’t another pane of glass that you need to constantly monitor). Even customers with hundreds of Canaries receive just a handful of events per year. When an incident occurs, we alert you via email, text message, slack notification, webhook or old-fashioned syslog.


Last month an attacker compromised one of your users, and has been reading the company chat. Since then, she’s been searching for keywords and embarrassing data. Would you know?

Your lead developer was targeted and compromised at the local Starbucks. Would you notice?

You could, with Canarytokens. Drop our fake AWS-API keys on every enterprise laptop. Attackers compromising your users _have_ to use them, and when they do, they tip their hand…

Canarytokens are tiny tripwires that you can drop into hundreds of places. They follow our Thinkst Canary philosophy: trivial to deploy, with a ridiculously high quality of signal.

The concept and use of canary tokens has made me very hesitant to use credentials gained during an engagement, versus finding alternative means to an end goal. If the aim is to increase the time taken for attackers, canary tokens work well.


@ThinkstCanary Great products that work, easy and quick to install and provide real value.

Canary pricing allows you to start immediately, with tiny upfront costs. An annual subscription of $7,500, gets you 5 Canaries, your dedicated hosted Console, your own Canarytokens server, as well as all our support, maintenance and upgrades. Transparent and simple pricing for a solution that just works.

Play around with the numbers and generate a no-commitment quote online.

Generate a quote online