NetCanary™ Frequently Asked Questions

Why do I need NetCanary?

Advanced adversaries rarely directly target their systems of interest: instead, they frequently breach the security of a device that has more direct access to the target system, and then "pivot" or attack from that better-connected system. In many cases, the adversaries will not know in advance what systems are the most important targets. By establishing a pivot host inside the network, they can perform stealthy reconnaissance as if they were directly connected.

NetCanary is designed to detect this reconnaissance. It will alert whenever a host on its network tries to communicate to a network address that hasn't been assigned to any device. It can also be configured to alert with a higher priorty on any network communications to a user-defined network address range. These alerts provide vital information to network security and incident response teams that a device on the network is communicating in a suspicious manner.

What about false positives?

NetCanary's default settings are designed to minimize false positives, but cannot eliminate them completely. Sensible placement of the NetCanary devices will provide the most effective reduction in false positives: for example, NetCanary appliances perform better the closer they are to the high-value systems you're trying to protect. Configuring the NetCanary appliances to know about network address space that should never be used will also provide high-confidence information to your network security team.

Customization options, including the number of checks to perform before sending an alert, may also aid in reducing false positives in specific network environments. In addition, the alerts are tracked and displayed on the NetCanary Nest™ console, where you may choose to suppress alerts based on source or destination address.

We provide custom installation assistance with every deployment and will work with you to ensure that the NetCanary system provides accurate and timely results.

I can do this already with a variety of other products. Why should I use yours?

NetCanary is the only enterprise-ready, centrally-managed tool specifically designed to detect this suspicious network traffic, and does so with minimal effort and maintenance. Other solutions offer fewer customization options, do not provide turnkey installation and deployment, and/or require extensive ongoing maintenance and operations effort.

NetCanary is designed out of the box to provide ease-of-installation and ease-of-use, with minimal effort required for ongoing support and customization.

How can I learn more about NetCanary / view a demo?

We'd be glad to tell you more about our product. Please contact us for more information or to set up a demonstration.