Trip attackers with canary tokens

Why it matters

In every organization, there is confidential information that needs to be kept safe. Canary tokens are an effective and nearly zero-false-positive way to detect breaches. Just like honeypots, they are underutilized due to:

  • Largely manual and labor intensive deployment process
  • Lack of automation to keep the solution up to date
  • Lack of easy results retrieval from a large network of canary tokens

How we can help

  • SensorFleet provides and easy and automated platform for the canary token deployment
  • Automated alerts when canary token files are downloaded
  • Additional visibility to your networks with no need to modify your infrastructure
Canary tokens

Bigger picture

Canary tokens are an effective solution to do lightweight intrusion detection - you will get a notification whenever someone downloads your canary file. If you ever get such an event, the chances are that your network is compromised or someone with legitimate access accidentally found the file and didn't know of it being a canary trap.

The best part is, you're not required to modify your infrastructure. Just plant the canary files, and the SensorFleet solution will alert you and collect the results if a breach occurs.

Our blog post: Using Zeek to find persistent threats by using a canary file
Previous use case Detect lateral movement Next use case Analyze traffic captures

Contact us

Privacy policy »

© SensorFleet Oy
Business ID: 2884312-2


SensorFleet Oy
Teknologiantie 11
90590 Oulu

Sami Petäjäsoja
+358 40 5030745


SensorFleet Oy
Hitsaajankatu 22
00810 Helsinki

Simo Mäkipaja
+358 40 583 3999