The First Enterprise Solution In Its Class

NetCanary™ has been designed from the ground up to be a true enterprise-ready solution to detecting the activities of advanced adversaries. Created by a team of network and security specialists who have spent their careers managing highly-critical, high-availability enterprise networks, NetCanary™ is a perfect complement to existing enterprise security controls.

From its ease of deployment to its (optional) integration with most enterprise authentication systems and SIEMs, NetCanary™ is ready to help you protect your most critical assets. The web-based NetCanary Nest™ provides visibility into, and centralized management of, the entire NetCanary™ infrastructure.

Catch Your Adversaries Before They Pivot

NetCanary™ is designed to catch suspicious behavior earlier than other detective controls, and more accurately. It has been successful in detecting malicious activity during the Reconnaisance phase of the Cyber Kill Chain®, as early in the attack process as possible, giving you and your security team the advanced notice you need to launch an effective and timely response.

Straightforward, Secure Architecture

The NetCanary™ system is comprised of two components: the NetCanary™ appliances and the NetCanary Nest™ (the "Nest"). NetCanaries are deployed throughout your networks and provide monitoring and detection functions; the Nest is the console used for central management and configuration of the NetCanaries. Access to the Nest can be integrated with common enterprise authentication systems - Active Directory, RADIUS/TACACS, and LDAP authentication is currently supported, and other authentication mechanisms are available as custom additions.

Communication between the NetCanaries and the Nest is always initiated by the NetCanaries themselves, and always uses HTTPS with client certificates. This communications architecture was specifically designed to preserve boundary security models when deploying NetCanaries within high-security networks. Frequency of communication is configurable on a per-NetCanary basis.

NetCanaries issue two types of alerts: chirps, which indicate possible reconnaissance activity that should be investigated, and the more urgent squawks which indicate definite suspicious activity. While the NetCanaries are configured with sensible defaults out of the box, both chirps and squawks can be further tuned to provide a detection system customized for unique environments.

NetCanary alerts may be forwarded to an enterprise SIEM (recommended) or viewed in summary form on the Nest.

Deploy, Refine, Move On

You and your team have better things to do than spend time configuring and managing security appliances. NetCanaries are designed to be low-maintenance and require very little intervention. We take our claim of Near-Zero Configuration™ very seriously. A typical and successful NetCanary installation is one that you forget about until it notifies you of suspicious behavior. Most NetCanaries can be operational within five minutes of powerup.

Should you choose to customize the NetCanary options, you will find an intuitive, flexible menu of options that will give you as much fine-grained control as you desire. Once configured, let the NetCanary do its work, monitoring and alerting you when it detects something that shouldn't be happening.