Why Canary?

How it works?

hacker_process_ie
  • hacker
  • hacker_pc
  • network_pc1
  • network_pc2
  • network_pc3
  • network_pc4
  • network_pc5
  • network_pc6

Order, configure and deploy your Canaries throughout your network. Make one a Windows file server, another a router, throw in a few Linux webservers while you're at it. Each one hosts realistic services and look and acts like its namesake.

Then you wait. Your Canaries run in the background, waiting for intruders.

Attackers prowling a target network look for juicy content. They browse Active Directory for file servers and explore file shares looking for documents, try default passwords against network devices and web services, and scan for open services across the network.

When they encounter a Canary, the services on offer are designed to solicit further investigation, at which point your Canary notifies you of the incident.

Each customer gets their own management console, on which alerts can be reviewed, notifications configured and Canaries managed.

Your Canaries constantly report in, and provide an up to the minute report on their status.

canary_app_ui

Canary Incident: Shared File Opened. Source: 192.169.103.59 Target: dc 104 (10.122.34.5) File: “2016-Tender-Summary.pdf” User: Guest

When an incident occurs, we alert you via email or text message as you prefer.

Manage your alerts in the console, where you can get more information on what triggered the incident.

Pricing

Canary pricing allows you to start immediately, with tiny upfront costs. For under $10k, you get 5 Canaries, a dedicated console, and 5 licences for alerts, support and maintenance.

Got different requirements? Get in touch and we can help with additional Canaries.

  • Canary is simple, brilliant & effective

FAQ

Yes and No.

Honeypots are a great idea. Everyone knows this, so why is almost nobody running them on internal networks? Simple: because with all the network problems we have, nobody needs one more machine to administer and worry about. We know the benefits that honeypots can bring but the cost and effort of deployment always drops honeypots to the bottom of the list of things to do.

Canary changes this. Canaries can be deployed in minutes (even on complex networks), giving you all of the benefits without the admin downsides.

It usually takes less than 5 minutes from unboxing your Canary, to having it ready for action on your network. With just a few clicks, you'll have a high interaction honeypot, and be able to track who’s browsing shares for PDF documents, trying to log into a NAS, or portscanning your network.

Canaries are deployed inside your network and communicate with the hosted console through DNS. This means the only network access your Canary needs is to a DNS server that's capable of external queries, which is much less work than configuring border firewall rules for each device.

Simply choose a profile for the Canary device (such as a Window box, brandname router, or Linux server). If you want, you can further tweak the services your Canary runs. Perhaps you need a specific IIS server version or OpenSSH, or a Windows file share with real files constructed according to your own naming scheme (say, 2016-tenders.xls). Lastly, register your Canary with our hosted console for monitoring and notifications.

Then you wait. Attackers who have breached your network, malicious insiders and other adversaries make themselves known by accessing your Canary. There's little room for doubt. If someone browses a fileshare and opened a sensitive-looking document on your Canary (\\fin_srv_02\Planning\2016_forecasts.xls) you'll immediately be alerted to the problem.

You possibly already do have a problem, you might just not know it. Canary changes that.

No. Canary doesn't do anomaly detection (with machine learning or otherwise) by learning to detect malicious behaviour in day-to-day activity. The Canary triggers are incontrovertibly simple: if someone is accessing your lure-files, or brute-forcing your fake internal ssh server, then you have a problem. Canary uses deceptively simple, but high quality markers of trouble on your network.

You could certainly setup honeypots but, the truth is, most haven't. Why? Two reasons as far as we can tell: most projects have limited protocol support meaning you have to run multiple honeypots to cover a range of common protocols, and monitoring and notifications across multiple honeypots quickly becomes tricky especially if you want to have many honeypots scattered around your network.

Canary makes this easy; we have multiple protocols supported out-of-the-box, and our hosted console gives you effortless monitoring and notifications.

We have a console, and we think it's pretty, but we really don't want you to spend much time on it. After you setup your Canaries you forget about the whole thing completely. When one of your Canaries chirp, only then do you attend to the problem.

If your Canary can get off just one alert (and it really should) then your console far away is going to log and alert on this. Whatever happens to the Canary after that won't matter since it stores nothing of value.

Identification will require active interrogation of the devices, and we detect common methods for fingerprinting then alert. After that, even if the attacker correctly identifies a Canary, you know they're looking and can investigate further.

Thinkst Canary is a unique product. Our name, however, is not related to any of the following trademarks:

ARKCANARY
BIG CANARY MUSIC
BLUE CANARY HANDELSBOLAG
CANARY (COMPUTER TRANSLATIONS)
CANARY (HOME SECURITY)
CANARY (NUMBER PLATES)
CANARY (OPTICAL)
CANARY (PSYCHOMETRICS)
CANARY (RADON DETECTORS)
CANARY (SOUND CHECKING)
CANARY (WIRELESS ANTENNAS)
CANARY AIR QUALITY ASSUR‐ ANCE
CANARY AUDIO
CANARY COMMUNICATIONS
CANARY CONNECTION
CANARY DIAMOND MUSIC AB
CANARY ENTERPRISE UMBERTO PEREZ
CANARY EYEWEAR
CANARY NETWORKS
CANARY PLUS
CANARY SOLAR
CANARY SONGS
CANARY SOUND
CANARY SYSTEMS
CANARY TAXI
CANARY WHARF
CANARY WHARF GROUP
CANARYCODE
CANARYFLOW
CANARYHOUSE
CAT & CANARY
GRAN CANARY INVEST AS
HOUSECANARY
I CANARY ISLANDS
ICANARY
MAX AND THE CANARY
NANOCANARY
NETWORK CANARY
ORANGE CANARY
THE CANARY
THE CANARY ISLANDS LATITUDE OF LIFE
THE CANARY SYSTEM