Check out our companion blog!

Honeypots and Canary Files: The Tripwires Hackers Don't Know You've Set

Honeypots and canary files are the tripwires that catch attackers before they hit your real network. Here's how to set them up and use them.
Dr. Mike Saylor joins me and Prasanna to break down two of the most underused tools in cybersecurity: honeypots and canary files. These aren't complicated. They're tripwires. And they can tell you a bad guy is poking around your network before anything gets encrypted.

Mike walks through his layered security analogy — why you don't want the first alarm to go off when the threat is already in your face. We cover the three ways organizations use honeypots: learning attacker TTPs, distracting bad guys into thinking they've already won, and running them as a test environment. Then we get into canary files — what makes them different from a honeypot, how they beacon home when someone takes them, and what that means for tracking attackers.

We also cover the practical stuff: how to stand one up without a big budget, what tools exist (including a plug-and-play option), why you need to monitor your honeypot once it's live, and why clock synchronization matters if you ever want your evidence to hold up in court.

And Mike and I have news about our new O'Reilly book, Learning Ransomware Response and Recovery — including a contest where you can win a signed copy.

⏱️ Chapters:
0:00 - Intro and book news
1:09 - Introductions
3:45 - Security is all about layers
9:07 - What are honeypots and canary files?
11:00 - Three ways honeypots work
13:13 - Real-world examples: bait cars and glitter bombs
16:03 - Making your honeypot convincing
19:13 - Honeypot tools and options
21:13 - Something is better than nothing
24:10 - Monitoring and alerts
25:11 - Canary files explained
27:07 - How canary files beacon and track attackers
28:03 - Sync your clocks (NTP matters)
29:02 - Final thoughts

🔗 Learning Ransomware Response and Recovery (O'Reilly): https://oreilly.com/library/view/learning-ransomware-response/9781098169572/
🔗 Also on Amazon: https://www.amazon.com/Learning-Ransomware-Response-Recovery-Stopping/dp/1098169581
🛡️ Stop Ransomware resources: https://www.stopransomware.com
🎙️ Subscribe and listen: https://www.backupwrapup.com