Know. When it Matters!

Most companies discover they've been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out How our Hardware, VM and Cloud-based Canaries are deployed and ...

Home / Products / Canary

Click above for a quick 3 min video

Why Thinkst Canary?


Tons of security products would be useful, if only you changed everything you did and made them the centre of your universe. This never happens, so they sit half deployed forever. Thinkst Canary doesn’t try to monopolise your time or dominate your thinking. Deploy your birds and forget about them. We will remain silent until you need us most… One alert. When it matters!

How it works?


Order, configure and deploy your Canaries throughout your network. (These can be hardware, virtual or cloud-based birds!) Make one a Windows file server, another a router, throw in a few Linux webservers while you're at it. Each one hosts realistic services and looks and acts like its namesake.

Then you wait. Your Thinkst Canaries run in the background, waiting for intruders.

Attackers prowling a target network look for juicy content. They browse Active Directory for file servers and explore file shares looking for documents, try default passwords against network devices and web services, and scan for open services across the network.

When they encounter a Thinkst Canary, the services on offer are designed to solicit further investigation, at which point they’ve betrayed themselves, and your Canary notifies you of the incident.


Each customer gets their own hosted management console which allows you to configure settings, manage your Thinkst Canaries and handle events.

Your Thinkst Canaries constantly report in, and provide an up-to-the-minute report on their status (but this isn’t another pane of glass that you need to constantly monitor). Even customers with hundreds of Canaries receive just a handful of events per year. When an incident occurs, we alert you via email, text message, slack notification, webhook or old-fashioned syslog.


Last month an attacker compromised one of your users, and has been reading the company chat. Since then, she’s been searching for keywords and embarrassing data. Would you know?

Your lead developer was targeted and compromised at the local Starbucks. Would you notice?

You could, with Canarytokens. Drop our fake AWS-API keys on every enterprise laptop. Attackers compromising your users _have_ to use them, and when they do, they tip their hand…

Canarytokens are tiny tripwires that you can drop into hundreds of places. They follow our Thinkst Canary philosophy: trivial to deploy, with a ridiculously high quality of signal.

Unleash your true potential with the power of Canary!