.png)
Last week, we launched Tracebit Community Edition - a free version of our security canaries platform.
This was actually a monumental effort from the team, including:
- a complete refactoring to support multi-tenancy in our platform
- shipping our first client side application to Mac, Windows and Linux
- navigating the intricacies of code-signing across the major operating systems
- a complete visual overhaul of our portal
- designing and building a referral system
- third party security reviews and load testing for a new threat model
- new alert email and SSO integrations
In this post, we’ll dig into the method and motivation behind the release.
Why build a Community Edition?
We’re big believers that teams should ‘do canaries first’: it can be one of the highest ROI activities when starting to think about security. If I think back to the inception of Tracebit: two security-conscious founders with a dream - we were certainly trying to build on good foundations. We did not however have the time or budget to engage in any sales processes except our own!
I’ve been to a lot of security conferences and meet-ups this year, and I consistently meet people who are very enthusiastic about the idea of canaries - but they don’t have a budget or they want to use them in a personal capacity. If I’m honest - until last week - we weren’t able to offer them much more than a chat, a t-shirt and potentially a job opportunity.
We want to be able to help everyone improve their security, including those for whom spending money on any kind of tooling just isn’t an option. We’ll know we’re succeeding if anyone recommends that a non-technical friend use Tracebit as readily as they would recommend using a password manager.
And - let's be frank, Tracebit is a business - technical buyers have always preferred to 'try before we buy'. Part of the play here is to delight users with the opportunity to try Tracebit Community, with a view to talking to us about our wider offerings.
What should it look like?
With a clear picture of who we wanted to benefit from community edition, the obvious question is: what should we build?
Easy to get started
A low ‘Time to Value’ is something that we consistently strive for in our product, and it’s appreciated by our customers. In the context of individuals trying out a new tool in their spare time, the bar is even higher. Your average homelab setup is probably not subject to a release process including code review and staging environments!
Our goal here was that within 5 minutes of first hearing about Community Edition, you could have a bunch of valuable canaries deployed to detect real risks that you might face.
Universal canaries
Our enterprise product supports canaries across a number of platforms - think AWS, Kubernetes, Okta etc. When it comes to community edition though, we wanted something as widely applicable as possible. We landed on a combination of canaries that would provide value to nearly everyone:
- API & SSH keys stored on your computer
- Login credentials stored in your password manager
- Session cookies stored in your browser
- Canary emails stored in your inbox
New integrations
Several design decisions most appreciated by our enterprise customers are not especially well-suited to personal use. One example would be how we manage canary credentials on workstations via integration with MDM providers, meaning we don’t require any type of Tracebit agent on our user’s machines. That works well - but how many people are running an MDM in a personal capacity?
Similarly, most people won’t have their own personal SIEM or SOAR. It was clear we’d need to provide more ubiquitous options to provide the most value to the most people.
Tracebit Community CLI
It feels like there’s been something of a resurgence in terminal-based applications recently. Inspired by tools we use on a daily basis - like Codex and Claude Code - we imagined a Tracebit CLI. Although a command line interface might not be the most approachable for all users, the addition of an interactive terminal experience seemed like it would enable us to support less-technical and power users alike. We’re big believers in the value of using short-lived credentials as canaries, which does mean you need something to regularly refresh them. The Tracebit CLI allows you to quickly create a variety of different canaries, and maintain them on your machines in a set-and-forget fashion.
Of course, if we want people to run a Tracebit binary on their personal computers, we felt it important to make the source and build process transparent to them.
Stealth
One fairly unique challenge when it comes to making a detection product widely available is that of ‘stealth’. Anyone in the world - including threat actors - could sign up to Tracebit to investigate our canaries and look for signatures or ‘tells’ that could be used to evade them. We didn’t want to devalue our product for our customers by revealing characteristics of their existing canaries to the world at large!
Simple examples would be the IP addresses associated with SSH hosts, or the fact that you can discover the AWS account associated with an Access Key ID without using it at all. Before releasing the community edition to the world, we went to fairly significant lengths to introduce variations in several aspects of our canaries to evade fingerprinting.
A natural question arises: what about community users themselves? How can we give them some protection against our detections being fingerprinted and evaded? The solution we came to here is one of ‘tiers’. Established users who have referred others are able to progress to increasingly exclusive canaries - where e.g. IP addresses and account IDs won’t be shared with the wider userbase.
What’s next?
I’m very proud of the team that’s worked with such focus and determination to ship Tracebit Community Edition. It was incredibly validating to see the reaction and interest when I showed it to people at BSides London.
There’s many directions we could take Tracebit Community Edition next. We’re really excited about some of them - but the most valuable features can only be shaped by feedback from the wider community.
So please: give it a try! Tell us (community@tracebit.com) what you like; but more importantly what you don’t, and what you want to see next. Hopefully together we can make canaries the widespread security practice it ought to be!
Get started with community edition today.
