what is a canary in cyber security

Question

Could someone enlighten me what exactly is Canary in cybersecurity and what it does?

Answer 1

Canary can be a security system based on a cloud, virtual, or a physical device that works very similarly to the honeypot, which is capable to mimic any device in any configuration.

Well, what exactly does a canary does is that they create a duplicate or an exact original copy of the network systems or a computer system or a server which happens to be the likely target for cybercriminals.

So, they effectively trick these black hats to think that this is the original system that houses all those data they require, where in reality this is the sacrificial setup meant as a decoy.

Canaries alert their users immediately once the black hat makes their 1st contact with the canary, in various ways like by sending text messages, notifications, emails, PDF's, etc.

The canaries are different from Honeypot security systems by cutting short the time and effort required to deploy the system onto complex networks which saves an administrator from worrying about deployment as it takes hardly 5 minutes to be in action. Systems like Honeypot and Canaries are used around the world for studying cybercriminals pattern and intrusion techniques which eventually are used to catch them off-guard while attempting to bypass the security measures, by keeping a bait, or a false target and also to distract these cyber criminals from the main target.

These canaries are capable to be in any configuration like a Linux web server, workstation, a router, windows server or etc. the list continues.

Check out our cyber security course to get in-depth knowledge on this career path.