← @kwm Twitter archive



This is basically a commercial for canary data, identities.

1. Understand what you have that the adversary wants.
2. Sprinkle canaries into docs, DBs, file shares.
3. Lie in wait.

Use point solutions like @ThinkstCanary, or DIY using EDR and/or audit logs. https://twitter.com/malcomvetter/status/979811665813299200

3/30/2018, 3:05:20 PM

Favs: 40

Retweets: 21



Over @redcanaryco, we use our File Integrity Monitoring (FIM) capability to enable canary data and/or identities. Again, you can DIY using any tool that provides visibility into file and/or identity activity.

3/30/2018, 3:45:39 PM

Favs: 3

Retweets: 1