What Others are Saying
Complete list of enterprise security products I recommend (evergreen edition):
— ryan huber (@ryanhuber) July 10, 2017
1) @ThinkstCanary
2) @duosec
3) @Yubico
The new @ThinkstCanary Cloud Canaries are amazing: https://t.co/A79bWs9jRF
— Jerry Gamblin (@JGamblin) July 5, 2017
Awesome product and customer service to match! Thanks :)
— Random Guy (@rndmguy) July 20, 2017
Out with the old @ThinkstCanary's and in with the new. If you have not deployed these on your network you are missing a great tool. pic.twitter.com/IVOJTODlQU
— Jerry Gamblin (@JGamblin) February 8, 2017
I have to give a shout out to @ThinkstCanary for being awesome. They not only have a great product but also great people behind it. 🦅
— Joe Parker @ ISSW 2018 (@joesparker) May 15, 2017
Like ❤ and Retweet 🔄 are insufficient! Rock on guys!
— Nate (@heyandy889) January 7, 2017
You may be wondering "does @ThinkstCanary actually work?" Yes. Yes it does. #NoContext
— chort (↙️↙️↙️) (@chort0) August 29, 2016
You could buy a threat intel feed, or you could just buy a canary from https://t.co/DRQ8Py0pmf and know when you’be been breached #CTIJam
— the grugq (@thegrugq) April 20, 2016
If you have networks, and you care about protecting them, go give @haroonmeer some coins for a bag of @ThinkstCanary. They’re ace.
— Ben Hughes (@benjammingh) March 3, 2016
So excited to see how this bird works.
— 𝕭𝖎𝖌𝖌𝖎𝖊 𝕾𝖒𝖆𝖑𝖑𝖘 (@bigendiansmalls) March 27, 2017
cc: @ThinkstCanary @haroonmeer pic.twitter.com/lipkCX0Nhw
just got a demo of @ThinkstCanary by @haroonmeer... HO-LEEE CRAP!!! what a beautifully designed, powerful product #honeypot #infosec
— caseyjohnellis (@caseyjohnellis) February 17, 2017
The only thing more awesome than our Canaries: Our Customers 💕 pic.twitter.com/Yj0dkLfNUP
— Thinkst Canary (@ThinkstCanary) November 16, 2016
Big fan of this tech. High signal, low noise. https://t.co/8ehznGLs8A
— Asylas (@AsylasSecurity) March 6, 2017
1) Guy leaves token'd doc on WebServer (not in document root)
— Thinkst Canary (@ThinkstCanary) January 24, 2017
2) Token is hit from Russian IP Address
Seriously use https://t.co/712OurVlda pic.twitter.com/Ca7US2i4hO
But probably what you actually want is @ThinkstCanary
— Ben Nagy (@rantyben) December 3, 2016
Canary is great.
— Mikko Hypponen (@mikko) June 12, 2016
Our customers are the best! pic.twitter.com/MCOB9JqdHX
— Thinkst Canary (@ThinkstCanary) March 20, 2017
If you don't have canary seriously check it out https://t.co/LypUXqp5xV @ThinkstCanary #infosec #DFIR
— ev0x (@theev0x) January 7, 2017
overall awesome product, though. Highly useful, and covers huge blindspots with minimal effort. A++ would recommend
— Tim McG (@NotMedic) November 27, 2016
Glad to see @thinkstcanary gaining traction. It's a simple but highly effective tool for network defenders. https://t.co/yhmVDaCCQb
— Kenn White (@kennwhite) February 12, 2016
Been chatting to @haroonmeer about @ThinkstCanary. This is super cool, honeypots made ridiculously easy: https://t.co/rfw1CFfHuq
— Troy Hunt (@troyhunt) April 21, 2016
Just did quick and dirty Canary Token demo for a coworker. @haroonmeer the simplicity, flexibility, and power of this tool is inspiring.
— Ean Meyer (@EanMeyer) August 22, 2016
Holy shit this is coolhttps://t.co/QcI9Vj9YBphttps://t.co/BGPuVSlSsS https://t.co/5DlvheBxf7
— Tim Clarnnwell (@TimClarnnwell) January 24, 2017
The devices are great to use to ensure that firewalls/vlan isolation is configured properly. That alone has paid for the deployment.
— Jim Schwar (@jimiDFIR) June 27, 2017
These are brilliant. If I were running an IT shop again, no question I'd have these. https://t.co/qhT2DgZx4t
— it's chris plummer (@chrisplummer) November 30, 2016
Even if you don’t have budget get over to https://t.co/G1gCVjJBXh and use their amazing free service.
— Joe Parker @ ISSW 2018 (@joesparker) May 15, 2017
"Our Canaries are made to look valuable, not vulnerable" ... that's what makes @ThinkstCanary very effective!
— Sherif Eldeeb (@0xdeeb) April 26, 2017
we <3 https://t.co/2Yl7IECi8M
https://t.co/BlDfDoeWe6 <-- This I like! Low friction honeypot devices.
— Phil Huggins (orac) (@oracuk) June 18, 2015
I had some broken @ThinkstCanary's after a power outage and they RMA'ed new ones from South Africa in under 4 days. Amazing support!
— Jerry Gamblin (@JGamblin) June 23, 2017
It was great to finally meet @haroonmeer :) Dude, people only say good things about @ThinkstCanary. Congrats!
— David Barroso (@lostinsecurity) February 17, 2017
Traps, tarpits, and honey tokens just plain work - now available for free at https://t.co/eHXJt2dAD5
— Robr (@sweepthatleg) May 14, 2017
Setting up #honeypots will never be the same with #Canaries. Check out https://t.co/Rm49h7fR1i by @haroonmeer. So cool..
— Nikhil Sreekumar (@roo7break) May 28, 2015
Navixia is now a @ThinkstCanary Partner.
— Navixia SA (@navixia) September 7, 2016
Has your company been breached? Here's the best way to know. https://t.co/dUARDKQsak #itsecurity
Just realized the magic of https://t.co/ZzKm4tSn8W. Splendid work. Thanks for the info mate
— Muhammad Ather (@MuhammadAther88) March 15, 2017
1. BeyondCorp: Not easy, or for everyone, but I love the idea.
— Adrian Sanabria (@sawaba) August 11, 2017
2. Canaries https://t.co/SD023OF9y3
The @ThinkstCanary device is a thing of beautiful uncomplicated simplicity. Thoroughly enjoying putting it through its paces
— Roshan Harneker (@roogle) August 2, 2017
It has to be said that @duosec, @ThinkstCanary and @XipiterSec are all proof that hackers *can* actually build excellent defensive tech.
— Patrick Gray (@riskybusiness) June 8, 2016
Get https://t.co/DRQ8Py0pmf, it can’t protect against shitty security products but at least you’ll know they failed https://t.co/srBDQS8bW1
— the grugq (@thegrugq) June 29, 2016
Seems like this would generate huge quantities of false positives. A @ThinkstCanary or 10 would usually be a better, less verbose, solution. https://t.co/3uFTmyLcpa
— Andrew Fraser (@Arfness) September 30, 2017
Stopped by @ThinkstCanary's booth at #Infosec17: cool product and nice folks « worth a visit.
— Marco Cova (@marco_cova) June 7, 2017
https://t.co/cMeTR95ynR - done.
— the grugq (@thegrugq) October 2, 2017
Set aside an hour to setup my new @ThinkstCanary ... not sure what I'm going to do with the other 55 minutes.
— 𝕭𝖎𝖌𝖌𝖎𝖊 𝕾𝖒𝖆𝖑𝖑𝖘 (@bigendiansmalls) March 4, 2018
Im not sure. Never really thought about or tried this angle as a larger industry initiative. I mostly just recommend https://t.co/dsnqFvwAvi
— Jeremiah Grossman (@jeremiahg) September 19, 2017
@ThinkstCanary should be in here too @haroonmeer et al are amazing folks
— nj (@sec_nj) September 29, 2017
CanaryTokens FTW!
— Steve Lodin (@stevelodin) March 4, 2018
+100 on the fake AWS creds feature from the @ThinkstCanary team. Super useful insight as we showed at ReInvent. https://t.co/bytTYOZ3uo
— Mark Hillick (@markofu) January 4, 2018
On the job for 2 weeks and already earned its keep. (Detect prowlers before it's too late)https://t.co/iTMhn5ybZp pic.twitter.com/1YAuXkgeB2
— Thinkst Canary (@ThinkstCanary) June 23, 2015
Just watched the whole 19mins webinar. Give us a call on +44 1224 516181. We are interested. Thank you.
— TheTechForce (@TheTechForceUK) October 28, 2017
Of course they also use the awesome Canary Tokens from @ThinkstCanary https://t.co/WQfgBN5j5g
— Carl Gottlieb (@CarlGottlieb) June 29, 2016
Best product I use is @duosec. I'm impressed by @signalsciences and https://t.co/dgTPG0CGws. https://t.co/uV3FM9wqcI
— Alex Stamos (@alexstamos) September 30, 2017
Super excited about deploying a few Canaries around the network next year. @ThinkstCanary
— Evan Wathington (@ewathington) December 22, 2016
I've heard some great things about these enterprise-focused honeypots: https://t.co/08TlZvLPqM @dcept905
— Aaron Hnatiw 🔎 (@insp3ctre) April 3, 2016
There's a good reason that smart security-folk rate Thinkst Canary highly. If you are in Vegas for BH/DC & want to know more, drop us a note pic.twitter.com/ojiTy25o9I
— Thinkst Canary (@ThinkstCanary) July 23, 2017
The world should be using canary tokens more often. Lots of fun applications. https://t.co/fycNHpI88Q H/t @Maliciouslink
— Jason Syversen (@JSyversen) April 15, 2016
I’ve seen it and use it, it’s fantastic. The canary, though, as a drop in hardware device for corp/other networks is pretty fantastic, one of the best/easiest configurationsI’ve ever seen.
— 𝕭𝖎𝖌𝖌𝖎𝖊 𝕾𝖒𝖆𝖑𝖑𝖘 (@bigendiansmalls) March 4, 2018
Great feature.
— Sakhi Louw (@sakhi_louw) January 29, 2018
Oh, of course @ThinkstCanary for exactly the same reason.
— Jeremiah Grossman (@jeremiahg) September 29, 2017
very cool @ThinkstCanary . Nothing like that feeling when you see a new text coming in from your token :D https://t.co/nqVreUhe3J
— John Lampe (@f00dikator) August 1, 2017
Love them too. And tokens! Tons of tokens is key.
— John Woods (@zenbanjoman) September 26, 2017
has done more to genuinely evangelize the value of deception than most other ‘leading vendors’. Kudos to him and @ThinkstCanary https://t.co/fxCD0hI7Hl
— Sahir Hidayatullah (@sahirh) September 26, 2017
hehehehe. I love canary tokens @ThinkstCanary pic.twitter.com/TVC3OT1Ilo
— Robert Pritchard (@TheCyberSecExp) March 30, 2017
someone who makes solving hard problems easy for the end-user
— caseyjohnellis (@caseyjohnellis) September 29, 2017
if you haven't checked out https://t.co/IJCuzs0bM5 by @haroonmeer and crew yet, you really should.
— caseyjohnellis (@caseyjohnellis) October 22, 2015
wow @ThinkstCanary tokens are cool, especially signed binaries. very sneaky technique :D
— InfoSec Spy ❆ (@InfoSecSpy) February 27, 2017
Here's what other smart people say about @ThinkstCanary (140 character testimonials)https://t.co/khEX7bGS8D
— haroon meer (@haroonmeer) August 18, 2017
As a current customer I highly recommend the @ThinkstCanary. You won’t initially think it’s doing much of anything until it does and uncovers a quagmire of a situation you didn’t know you had (speaking from experience here)
— Roshan Harneker (@roogle) February 18, 2018
Really enjoy @ThinkstCanary - they work hard to do a lot with very little!
— BuildItBenjamin (@liddy_io) October 18, 2017
Hearing a lot about @ThinkstCanary lately. Have been considering giving them a call for a couple of our projects. We already work with Duo, strong reco to see them side by side from @thegrugq. https://t.co/rPdRGLqlbF
— Jenn Shaw (@JenniferVShaw) February 14, 2018
btw, @ThinkstCanary support is as awesome as their product. unfortunately i had to test it, and have been extremely impressed.
— randy bush (@enoclue) March 3, 2018
and i sure sleep better at night with a bird on the wire.
Canary is one of the most useful tools ever
— Shane (@Shane_in_SC) January 8, 2018
https://t.co/cMeTR8NWZh <-- get on it. https://t.co/QlZgfCLFtI
— the grugq (@thegrugq) November 19, 2016
1) fill it with a bunch of @haroonmeer 's https://t.co/P57Ip15pfH
— Stephen A. Ridley (@s7ephen) October 1, 2017
2) hide under keyboard or in laptop bag
3) waithttps://t.co/7gCBlSI51n
Their product is not only beautiful in its simplicity/use - but they treat customers and do things as a business with the utmost integrity
— nj (@sec_nj) September 30, 2017
It’s tough to beat Authentic feedback.
— Thinkst Canary (@ThinkstCanary) December 7, 2017
Even during PoC’s, Canaries wreck Intruders. pic.twitter.com/GnZZajD8fN
Check out the free Canary Tokens too, we probably all have ways of using these: https://t.co/e0ZFC4LV7N
— Troy Hunt (@troyhunt) April 21, 2016
IMHO, Thinkst is the hottest little security company and technology you’ve never heard of. https://t.co/DdkCZcUtoM
— Jeremiah Grossman (@jeremiahg) September 25, 2017
Someone asked me what sports team the @ThinkstCanary beanie I was wearing represented. I replied, "Not exactly a sports team, but they kick ass at defensive strategies all the same."
— Thoave (@Hogosec) December 2, 2017
Enterprise security products that are awesome and you should try:
— Security Generation (@securitygen) August 21, 2017
1) @Cloudflare
2) @Dome9
3) @duo_labs
4) @ThinkstCanary
5) @Yubico
@duosec & https://t.co/wVAo6F7HrL both for ease of deployment and use.
— Carl ✶ Cosmos (@cillic) September 29, 2017
Been experimenting with some @ThinkstCanary files for my personal laptop. So easy to use, and well worth leaving a few about. #Canary #Honey
— Mattasploit (@Mattasploit) July 17, 2017
Layers can include APIs, hostnames, symbols, AWS creds, & resource canaries... have fun with them — @collinrm #cmeasurecon https://t.co/pEgiU2REh0 pic.twitter.com/62lpKntIS9
— Kelly Shortridge (@swagitda_) November 10, 2017
Also, early detection as a huge plus, but yeah, canary tokens are pretty good for defence.
— shubs (@infosec_au) January 4, 2018
Canary - a honeypot service for your company, that's actually pretty cool! https://t.co/GvsafwFE7V
— David Wong (@cryptodavidw) November 8, 2017
Upgrading from @ThinkstCanary V1 to V2 is almost the easiest upgrade you will ever have to do.
— Joey Pistone (@daguy666) September 12, 2017
I love what @ThinkstCanary is doing. Such a simple and inexpensive tool that’s surprisingly disruptive.
— Chad Loder (@chadloder) February 22, 2018
good list, and big +1 for @ThinkstCanary. @haroonmeer is a “product whisperer”
— caseyjohnellis (@caseyjohnellis) September 29, 2017
There is so much truth in that post, And I couldn't agree more.
— Joey Pistone (@daguy666) July 27, 2017
Not everything is APT and not every APT is sophisticated. Focus on practicing basic IT governance — asset management, patching, network segmentation, least privilege, 2FA, logging... drop in some @ThinkstCanary. Make them work to earn their pay https://t.co/jyh03VNNqY
— the grugq (@thegrugq) January 8, 2018
It’s time to start accepting that your NSM infrastructure is incomplete if you aren’t leveraging honeypots for detection. #DFIR
— Chris Sanders (@chrissanders88) August 17, 2016
You will see them coming when they breached your (fire)wall https://t.co/ZhaPzXoKQG #honeypot #SecOps
— Stephan H. Wissel (@notessensei) September 18, 2017
http://t.co/Z3DUr4a76o cries for help when hacked! Great work @azhrdesai @haroonmeer @marcoslaviero #OpenCanary https://t.co/PC5ADMOD25
— TROOPERS Conference (@WEareTROOPERS) September 19, 2015
Super pumped to play with this stack of @ThinkstCanary. pic.twitter.com/97e2osCDXt
— Jerry Gamblin (@JGamblin) November 30, 2016
Imagine all the fun those Blue Teams will have with their @ThinkstCanary birds over Christmas! pic.twitter.com/1yGpBzJC7c
— Navixia SA (@navixia) November 30, 2017
Yeah those canaries are great. I talk about them a little too much. It’s because this kind of stuff works.
— ./tmp/RENEGADE (@mosesrenegade) September 26, 2017
How many other "security products" are positively evaluated when anyone with a clue looks at them? https://t.co/eswEUT4KG6
— halvarflake (@halvarflake) March 28, 2018
For those in China using Apple iCloud, i highly recommend using some canary tokens in icloud documents now that GCBD is operating the storage and maintaining of your data.
— Bʀʏᴀɴ (@bry_campbell) March 16, 2018
🐦https://t.co/2OhocQy1q7
The concept and use of canary tokens has made me very hesitant to use credentials gained during an engagement, versus finding alternative means to an end goal. If the aim is to increase the time taken for attackers, canary tokens work well.
— shubs (@infosec_au) January 4, 2018
Not your everyday honeypot https://t.co/dGZ3CaelbY @thinkstcanary
— Zaheer Ismail (@ZaheerIsmail) March 7, 2017
Everyone should have one : https://t.co/LFkfLAISN5
— Daniel San (@RouteReflector) February 3, 2017
Don’t think, just get them ;). I was a former customer (changed roles). What will you get from them?
— Mickey P (@MickeyPerre) February 15, 2018
The best support, easy interface, great price and the most accurate alert in your environment. #canarylove
Enjoyed the @riskybusiness podcast that showcased @ThinkstCanary. Cool tools made by seemingly humble / smart folks just solving problems.
— W. David Winslow (@wdwinslow) August 19, 2016
I actually used canary tokens to determine that someone was snooping on a private email exchange between lovers. Wasn't able to figure out who, but did get their geolocation. #TrueStory Thanks, CanaryTokens! https://t.co/VuhDuOKIZb
— David Holmes (@dholmesf5) March 27, 2018
The two spends I’d do to increase resilience for less than one blinkenlights magic bullet cybersecurity solution?
— the grugq (@thegrugq) February 13, 2018
- @duosec 2FA all the things
- @ThinkstCanary gain visibility on when you get penetrated
Lots more I’d do w/ Canary Tokens, but that’s custom work g@comae.io 😄
https://t.co/dVe2CEG07k is a really cool product. Simple and straightforward. Get to know first when your line of defense fails.
— Matt Suiche (@msuiche) October 3, 2017
If you haven't discovered canary tokens yet, why not start today? And then spend the rest of the day planting tripwires all over your network. https://t.co/SLhVtxUQrK
— Robert Pritchard (@TheCyberSecExp) December 19, 2017
Similar to a honeypot, but easier to setup and virtually zero false positives, get Canary for your office network: https://t.co/eOWIqTa5uv
— 0lmy (@custodietipsos) November 22, 2017
less than 1hr into our internal pentest last week and the @ThinkstCanary were shouting at them. Love it.... #justworks @ronnieapteker @haroonmeer
— Just George (@therealgeorge) December 8, 2017
love @ThinkstCanary https://t.co/4ioh9Sm2hz website ... altho slightly modified my .ini to collect hashes instead pic.twitter.com/q3FcPIHskW
— Carroll (@n0x00) August 24, 2016
Come for the product, stay for the customer service
— mimeframe (@mimeframe) August 18, 2017
Just quality @ThinkstCanary @BHinfoSecurity #2birdsinthehand pic.twitter.com/6qJvgX7PCz
— switt (@_switt_) August 29, 2017
with canary i feel really safe thank you @haroonmeer#canary pic.twitter.com/il5ODWBdkl
— جمال اليافعي (@GrayFiber) December 12, 2017
+1. We ❤️ our Canaries. https://t.co/Qde8vF9W2v
— (((Jonathan Levine))) (@JonMLevine) September 25, 2017
Amazing solution and service. Love @ThinkstCanary
— C:\Users\Tulpa (@tulpa_security) August 20, 2017
Part of the problem here is that Canary is run by smart, forward thinking people who want to build demonstrable long term customer value. Thankfully this madness is rare in our industry.
— I didnt choose the bug life, the bug life chose me (@stevelord) March 28, 2018
Yes. In the DC Cisco Tetration would flag unusual traffic, in the wider estate @ThinkstCanary FTW
— David Williamson (@WilliamsonDubai) December 10, 2017