Posts

Small things done well¹

Bad design is bad
In 2015 Moxie Marlinspike pointed out that the manual page for GPG is (now) 50% of the novel Fahrenheit 451. Any software whose man page approaches 20 thousand words had better have a good excuse, and GPG can only gesture vaguely at decades of questionable design. GPG gets a bad rap but it isn’t really much of an outlier. Security software has a long history of crummy, unintuitive interfaces and terrible design choices. A deep dive into the factors behind awfully designed security software isn’t the purpose of today’s blogpost, but suffice it to say there is seldom pressure from the end users. Security software mandated by a security team is often rammed down users’ throats, so it doesn’t bother being pleasant. It’ll sell anyway. We’ve worked hard to buck this trend from our first version. It’s one reason why we are one of the few pieces of security software that customers actually talk about in terms of love: https://canary.tools/love Recently, we released a major...

Something fresh

This month we’re ready to release our first major Canary Console overhaul. We’ve obviously pushed updates to Canary and the Console weekly for almost 5 years but this is the first time we’ve dramatically reworked the Console. Contrary to a bunch of other products, we don’t want to be your single pane of glass, and work really hard to make sure that most customers never have to spend time in their Console at all. But our beefed-up Console offers you a bunch of fresh possibilities, and we figured we’d introduce some of them here. What’s different? The first thing that a new user should notice is that it doesn’t feel that different to the old Console. It has a new coat of paint, and some things look slicker, but it feels like just a slight visual upgrade on the original Console. This is completely by design, and belies a bunch of changes beneath the surface. It’s practically a trope that just as users become familiar with a product, the vendor drastically alters the user inter...

3rd-party API-Key Leaks (and the Broker)

INTRODUCTION
Continually refining our security operations is part and parcel of what we do at Thinkst Canary to stay current with attacker behaviours. We’ve previously written about how we think about product security (where we referenced earlier pieces on custom nginx allow-listing, sandboxing, or our fleet-wide auditd monitoring). Recently we examined our exposure to API key leakage, and the results were unexpected.
THIRD PARTY API KEYS
Like most companies, we use a handful of third-party providers for ancillary services. And, like most providers, they expose an API and give us an API key. A short time back, as part of an exercise in examining our internal controls relating to third-party API keys, we asked: Has an attacker grabbed this key? Has she actually used this key? What did she do with this key? It turns out that even really popular service providers, by default, provide very crummy answers to these questions. That’s quite a conclusion to reach. To be clear, most pro...

A Steve Jobs masterclass (from a decade ago)

A decade ago, Steve Jobs sat down at the D8 conference for an interview with Kara Swisher and Walt Mossberg. What followed was a masterclass in both company and product management. The whole interview is worth watching, but I thought there were a few segments that stood out. Caveat: Any time someone talks about a tech titan, there’s reflexive blowback from parts of the tech community: “He wasn’t really an engineer”, “He wasn’t really...”. This post will ignore all of that. Even if you strongly dislike him, there are lessons to be learnt here. Let’s begin... What matters most: The interview starts with Kara and Walt congratulating Jobs, because Apple had just bypassed Microsoft in market capitalization. Right out of the gate, Jobs makes it clear: It’s surreal to anyone who knows the history, but: Jobs: It doesn’t matter very much... it’s not what’s important... it’s not why any of our customers buy our products... It’s good for us to keep that in mind, remember what we’re doing an...

Good UNIX tools

aka: Small things done well
We spend a lot of time sweating the details when we build Canary. From our user flows to our dialogues, we try hard to make sure that there are very few opportunities for users to be stuck or confused. We also never add features just because they sound cool. Do you “explode malware”? No. Export to STYX? No. Darknet AI IOCs? No. No. No. Vendors add rafts of “check-list-development” features as a crutch. They hope that one more integration (or one more buzz-word) can help make the sale. This is why enterprise software looks like it does, and why it’s probably the most insecure software on your network. This also leads to a complete lack of focus. To quote industry curmudgeon (and all around smartypants) Kelly Shortridge: "it is better to whole-ass one thing than to half-ass many". We feel this deeply. Most of us cut our teeth on UNIX and UNIX clones and cling pretty fastidiously to the original Unix philosophies¹: Make each...

Why control matters

In March we moved from Groove to Zendesk - with this migration our Knowledge Base (KB) moved also. The challenge we faced was name-spacing - KB articles hosted on Groove were in the name-space http://help.canary.tools/knowledge_base/topics/, but the namespace /knowledge* is reserved on Zendesk and is not available for our use. This forced us to migrate all KB pages to new URLs and update the cross-references between articles. This addressed the user experience when one lands at our KB portal by clicking a valid URL or when typing https://help.canary.tools in a browser. What isn’t resolved, though, is the thousands of Canaries in the field that have URLs now pointing to the old namespace. We design Canary to be dead simple, but realise that users may sometimes look for assistance. To this end, the devices will often offer simple “What is this?” links in the interface that will lead a user to a discussion on the feature. With the move (and with Zendesk stealing the n...