You can detect attackers long before they dig in
It takes less than 5 minutes from unboxing to get it ready for action on your network.
No additional costs for administrative and support staff, infrastructure
Nearly 0 false positives
One alert. When it matters.
Фізичне, хмарне та віртуальне розгортання
Order, configure and deploy your Canaries throughout your network. These can be hardware, virtual or cloud-based "birds." Make one a Windows file server, another a router, throw in a few Linux webservers while you're at it. Each one hosts realistic services and looks and acts like its namesake.
Just wait. Your Canaries run in the background, waiting for intruders.
When attackers start raving after your network, they encounter a Canary. Trying to obtain information from them, intruders will betray themselves (their IP address or even the the user's password stolen before.) Canary will immediately notify you of the incident.
Each customer gets their own hosted management console which allows you to configure settings, manage your Canaries and handle events..
Your Canaries constantly report in, and provide an up-to-the-minute report on their status, but you don't need to constantly monitor them. Even customers with hundreds of Canaries receive just a handful of events per year. When an incident occurs, we alert you via email, text message, slack notification, webhook or old-fashioned syslog.
Many customers rarely visit their consoles after setup. You can be notified in a convenient way and on time. And this is important. More and more users prefer to get notifications on Slack, Microsoft Teams or Telegram.
Integration with Slack, Hipchat or Microsoft Teams is as easy as a few clicks via user's console. There is a special Telegram bot, which can help you with integration to receive instant messages.
Isn't this just a honeypot?
Yes and No.
Honeypots are a great idea. Everyone knows this, so why is almost nobody running them on internal networks? Simple: because with all the network problems we have, nobody needs one more machine to administer and worry about. We know the benefits that honeypots can bring but the cost and effort of deployment always drops honeypots to the bottom of the list of things to do.
Canary changes this. Canaries can be deployed in minutes (even on complex networks), giving you all of the benefits without the admin downsides.
How easily can they be deployed?
It usually takes less than 5 minutes from unboxing your Canary, to have it ready for action on your network. With just a few clicks, you'll have a high interaction honeypot, and be able to track who’s browsing shares for PDF documents, trying to log into a NAS, or port scanning your network.
Canaries are deployed inside your network and communicate with the hosted console through DNS. This means the only network access your Canary needs is to a DNS server that's capable of external queries, which is much less work than configuring border firewall rules for each device.
No. Canary doesn't do anomaly detection (with machine learning or otherwise) by learning to detect malicious behavior in day-to-day activity. The Canary triggers are incontrovertibly simple: if someone is accessing your lure-files, or brute-forcing your fake internal ssh server, then you have a problem. Canary uses deceptively simple, but high-quality markers of trouble on your network.
You can certainly setup honeypots but, the truth is, most people don't need. Why? Two reasons as far as we can tell: most projects have limited protocol support meaning you have to run multiple honeypots to cover a range of common protocols, and monitoring and notifications across multiple honeypots quickly becomes tricky especially if you want to have many honeypots scattered around your network.
Canary makes this easy; we have multiple protocols supported out-of-the-box, and our hosted console gives you effortless monitoring and notifications.
If your Canary can get off just one alert (and it really should) then your console far away is going to log and alert on this. Whatever happens to the Canary after that won't matter since it stores nothing of value.
Identification will require active interrogation of the devices, and we detect common methods for fingerprinting then alert. After that, even if the attacker correctly identifies a Canary, you know they're looking and can investigate further.
Canary is delivered as SaaS. The company providing the service is liable under the law. For Ukrainian clients 10Guards is a party to the agreement. The hardware device got certified in Ukraine and registered by the National Commission for the State Regulation of electronic communications. Defective devices are replaced with new ones without extra payments.
Last month an attacker compromised one of your users, and has been reading the company chat. Since then, she’s been searching for keywords and embarrassing data. Would you know?
Your lead developer was targeted and compromised at the local Starbucks. Would you notice?
You could, with Canary tokens. Drop our fake AWS-API keys on every enterprise laptop. Attackers compromising your users _have_ to use them, and when they do, they tip their hand…
Canary tokens are tiny tripwires that you can drop into hundreds of places.
I have to give a shout out to
for being awesome. They not only have a great product but also great people behind it. 🦅
Their on-prem canary is one of the only things that caught me right away in post-exploitation without my knowing I was burned. Solid concept and product.
IMHO, Thinkst is the hottest little security company and technology you’ve never heard of.
If you have networks, and you care about protecting them, go give @haroonmeer some coins for a bag of @ThinkstCanary. They’re ace.
btw, @ThinkstCanary support is as awesome as their product. unfortunately i had to test it, and have been extremely impressed. and i sure sleep better at night with a bird on the wire.
Don’t think, just get them ;). I was a former customer (changed roles). What will you get from them?
The best support, easy interface, great price and the most accurate alert in your environment. #canarylove