Trip attackers with canary tokens
Why it matters
In every organization, there is confidential information that needs to be kept safe. Canary tokens are an effective and nearly zero-false-positive way to detect breaches. Just like honeypots, they are underutilized due to:
- Largely manual and labor intensive deployment process
- Lack of automation to keep the solution up to date
- Lack of easy results retrieval from a large network of canary tokens
How we can help
- SensorFleet provides and easy and automated platform for the canary token deployment
- Automated alerts when canary token files are downloaded
- Additional visibility to your networks with no need to modify your infrastructure
Bigger picture
Canary tokens are an effective solution to do lightweight intrusion detection - you will get a notification whenever someone downloads your canary file. If you ever get such an event, the chances are that your network is compromised or someone with legitimate access accidentally found the file and didn't know of it being a canary trap.
The best part is, you're not required to modify your infrastructure. Just plant the canary files, and the SensorFleet solution will alert you and collect the results if a breach occurs.
Our blog post: Using Zeek to find persistent threats by using a canary file