Haroon Meer from Thinkst discusses the deployment of Canaries on networks, maintaining low false-positive numbers, and the principles behind their business. They also explore detecting network compromises, tactics used by attackers, building mobile apps, disabling vulnerabilities, growing based on customer feedback, becoming international trainers, and the pitfalls of venture capital in building a security company.
Read more
AI Summary
AI Chapters
Episode notes
auto_awesome
Podcast summary created with Snipd AI
Quick takeaways
Canary is a network security tool that mimics vulnerable targets to detect attacks and provide early notifications of compromise.
Canary maintains low false positive rates by analyzing attacker behavior, minimizing noise, and generating actionable alerts.
Canary's success is attributed to its customer-centric approach, delivering value, and cultivating customer relationships.
The company transitioned from hardware to software canaries, simplifying deployment while prioritizing product development over external investments.
Deep dives
Deploying Canaries: Ensuring Network Security
Canary, a network security tool, alerts users when their network has been compromised. It is designed to detect attacks by mimicking vulnerable targets, such as a Cisco router or a Windows server. By strategically placing canaries on a network, intruders are more likely to interact with them, triggering an alert. The goal is to provide early notification of compromise, allowing swift response and mitigation. Canaries can be easily deployed and configured, with low false positive rates, resulting in actionable alerts that help safeguard the network. It is an effective tool for both small businesses and large enterprises.
The Importance of Minimizing False Positives
Canary focuses on maintaining low false positive rates, ensuring that alerts only occur when an actual compromise is detected. By analyzing the behavior of attackers and understanding their typical actions, Canary identifies suspicious activities without generating excessive false alarms. This approach minimizes noise and prevents users from being overwhelmed with irrelevant alerts. With a high signal-to-noise ratio, users can trust that every alert requires attention and immediate action. By addressing the problem of false positives, Canary enables users to prioritize and respond effectively to real threats.
Building Trust and Sustainability in Cybersecurity Products
Canary has gained trust and recognition from customers through its commitment to delivering value and continuously improving its product. By focusing on simplicity, ease of use, and reliability, Canary stands out from other cybersecurity tools. The company intentionally avoids adding unnecessary features or increasing prices on a regular basis. Instead, they prioritize creating a trustworthy product that provides tangible and measurable benefits to customers. The company's ongoing success and growth can be attributed to this customer-centric approach and its ability to deliver on its promises.
The Business Model and Growth of Canary
Canary initially faced skepticism from potential customers, but by continuously refining its product and demonstrating its value, the company gained traction. Customers recognized the importance of deploying canaries to detect network compromises and were willing to invest in the tool. The company has grown organically, relying mainly on inbound sales and customer referrals. With a subscriptions-based model, Canary has never raised prices and remains profitable. By staying focused on customer needs, delivering exceptional value, and cultivating customer relationships, Canary has established itself as a trusted and reliable network security solution.
Building Customer Loyalty through Kindness and Support
The podcast episode explores a company's approach to customer service, emphasizing the importance of showing kindness and support. By offering affordable prices and adding value to their services, the company was able to maintain customer loyalty, even during challenging times. The company extended their support to struggling customers during the COVID pandemic, resulting in long-term customer relationships. The podcast highlights the significance of treating customers with kindness, acknowledging the occasional challenges of encountering abusive behavior. The company's commitment to building lasting relationships is reflected in their focus on product quality and their dedication to helping and caring for their customers.
Streamlining Device Deployment with Software Canaries
The podcast discusses how the company has transitioned from hardware canaries to software canaries, simplifying device deployment for customers. The software canaries are designed to be easily plugged into power and connected to the network, making the process straightforward. Through the use of a custom kernel and a network communication system, the canaries communicate with the central console via DNS, enabling seamless updates and configuration changes. The simplicity and effectiveness of the software canaries have made them a preferred option, while hardware canaries are still popular in certain situations, such as temporary deployments.
Maintaining Focus on Product and Grounding in Security
The podcast episode delves into the company's commitment to maintaining focus on their product and grounding themselves in the security industry. The founders emphasize the value of prioritizing the product over chasing funds or external investments. They highlight the importance of building a quality product that customers genuinely want, rather than relying on funding or external validation as measures of success. The founders express disbelief in the traditional VC model, particularly in the security industry, where bad products can survive longer due to funding proxying as a quality indicator. They advocate for a more product-centric approach and the empowerment of engineers in product development and decision-making.
This week we’re joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.
Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today!
Sponsors:
Statsig – Build faster with confidence. Startups to Fortune 500s rely on Statsig to make data-driven decisions. Ship smarter and faster with the unified platform for feature flags, experimentation, and analytics. Our listeners get free white-glove onboarding, migration support, and 5 million free events per month.
Sentry – Watch Lazar Nikolov livestream on YouTube at youtube.com/@nikolovlazar. Use the code CHANGELOG and get the team plan FREE for three (3) months.
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com