SA-based Thinkst recently unveiled Canary, a honeypot appliance that aims to give administrators an early warning when hackers break into their networks.
A starter pack costs $5,000 and includes two Canaries, a dedicated console, and two annual licenses for alerts, support, and maintenance.
The “canary in a coal mine” works by looking like an attractive target: a server or other piece of networking equipment that can easily be hacked.
“Attackers prowling a target network look for juicy content. They browse Active Directory for file servers and explore file shares looking for documents, try default passwords against network devices and web services, and scan for open services across the network,” said Thinkst.
When they encounter a Canary, the services on offer are designed to solicit further investigation, at which point it “chirps”, notifying users of the incident.
Thinkst said it usually takes less than five minutes from unboxing Canary to having it ready on a network.
“With just a few clicks, you’ll have a high interaction honeypot, and be able to track who’s browsing shares for PDF documents, trying to log into a NAS, or port-scanning your network.”
Thinkst said that admins could set up their own honeypots, but most haven’t.
“With all the network problems we have, nobody needs one more machine to administer and worry about. We know the benefits that honeypots can bring, but the cost and effort of deployment always drops honeypots to the bottom of the list of things to do.”