Introducing our newest creation: Thinkst Canary!

Today we are super proud to bring you our newest creation: Thinkst Canary. We have been working on it for months and it feels really good to finally have it out there.. You can check it out at:


You can watch some of the thinking behind it here:

You can watch it in action here:


The videos were made with our early prototypes. The release birds are much much prettier!


We think its insane that organizations that spent millions of dollars on cyber security took months (or years) to realize that they were breached. We think Canary fixes this elegantly and manages to do this at a super reasonable price-point. We have spent ages adding features, stripping features and making it a pleasure to use.

Even on super complex networks, it takes just 5 minutes to get up and running (with enough time to make yourself a cup of coffee). With such a low rate of effort, we believe everyone should be running Canary. Please drop us an email (canary@thinkst.com) if you have any questions at all on it.

Comments

  1. Anonymous1 June 2015 at 05:48

    The second link under: "You can watch it in action here:" isn't rendering any video only audio.
    The first video was fine.

    ReplyDelete
  2. dunsany1 June 2015 at 10:50

    So, it's a honeypot.

    ReplyDelete
    Replies
    1. MH16 July 2015 at 05:41

      Hi Dunsany..

      The short answer is: Yes.. it is..

      The (slightly) longer answer is: Its a honeypot that will actually be used/add value (since you are able to get quality results with just 3 minutes of setup).

      Delete

Post a Comment

Popular posts from this blog

Simple Graphs with Arbor.js

Image
We recently released a tool at http://cc.thinkst.com to capture and collect infosec conference details. We commented on it [ here ]. One of the cooler components of it, is the ability to view the relationships between speakers/researchers who have collaborated. This post is a quick introduction to the library we used to build our graphs, with enough info to get you up and running in minutes. As I mentioned, we use ArborJS library which is a a graph visualization library using web workers and the popular jQuery . The API is really well documented [ here ] but like most people, I learn best by example (and there are precious few of these). Hopefully this post will fill that niche, and by the end of it you should have a basic understanding of how to use arbor.js in your project. Our Aim: We will be building a simple contrived example as seen in the image above. Project setup : Create a new html page and include script references to the following libraries (Download them from the links...
Read more

Using the Linux Audit System to detect badness

Image
Security vendors have a mediocre track record in keeping their own applications and infrastructure safe. As a security product company, we need to make sure that we don’t get compromised. But we also need to plan for the horrible event that a customer console is compromised, at which point the goal is to quickly detect the breach. This post talks about how we use Linux's Audit System (LAS) along with ELK (Elasticsearch, Logstash, and Kibana) to help us achieve this goal. Background Every Canary customer has multiple Canaries on their network (physical, virtual, cloud) that reports in to their console which is hosted in AWS. Consoles are single tenant, hardened instances that live in an AWS region. This architecture choice means that a single customer console being compromised, won’t translate to a compromise of other customer consoles. ( In fact, customers would not trivially even discover other customer consoles, but that's irrelevant for this post. ) Hundreds of consoles runn...
Read more

Good UNIX tools

Image
aka:   Small things done well  We spend a lot of time sweating the details when we build Canary. From our user flows to our dialogues, we try hard to make sure that there’s very few opportunities for users to be stuck or confused. We also never add features just because they sound cool. Do you “explode malware”? No.  Export to STYX? No.  Darknet AI IOCs? No. No. No..  Vendors add rafts of “check-list-development” features as a crutch. They hope that one more integration (or one more buzz-word) can help make the sale. This is why enterprise software looks like it does, and why it’s probably the most insecure software on your network. This also leads to a complete lack of focus. To quote industry curmudgeon (and all around smartypants) Kelly Shortridge : " it is better to whole-ass one thing than to half-ass many" . We feel this deeply. Most of us cut our teeth on UNIX and UNIX clones and cling pretty fastidiously to the original Unix philosophies ¹ : Make each...
Read more