South African Security firm Thinkst is hoping to give new life to an old idea—the honeypot—in a bid to help organizations detect security breaches and intruders in their private networks. Thinkst's Canary is a simple network appliance and corresponding online monitoring service that makes it easy to set up juicy-looking targets on the corporate LAN that will sound the alarm if any attempt is made to access them.
One of the consistent features of large hacks, such as the late 2013 Target breach, is that attackers have been able to move around their victims' networks to find systems with interesting or valuable data without being detected. From one point of entry—a compromised Web server, say—the hackers perform what's called "lateral movement;" accessing other systems and computers on the same network, discovering new sets of user credentials to gain further access to their victims, and finding valuable information to steal.
This behavior appears to go undetected, giving the attackers weeks or months to learn about their victims and steal vast quantities of sensitive data. It's this lateral movement that Canary is designed to detect, by presenting the hackers with a juicy target that will ring the alarm bell whenever they access it.