.png)
Episode 3 of Canaries in the Wild is live. We sat down with Mandy Andress, CISO at Elastic, who has been working with deception technology since the early days of honeypots and honeynets.
Mandy brings a CISO's perspective on why canaries deserve a much larger role in modern security programs, and shares her views on how the fundamentals of detection are shifting as environments become more complex and threats evolve.
Honeypots vs Canaries
Mandy breaks down the key differences between honeypots and canaries, and explains how she thinks about prioritisation when building security programs
Assume breach and leaked credentials
She explains why assume breach is foundational and why behavioural analytics matters when attackers use leaked credentials—today's top entry point.
Canary use cases
From file shares to cloud accounts, Mandy walks through practical examples of where to deploy canaries and what makes them effective in production environments.
No-code vulnerabilities and AI agents
Mandy shares her perspective on the coming wave of security challenges: applications shipped with no-code tools, and autonomous AI agents operating across your infrastructure. She explains why it'll get worse before it gets better, and the role canaries will play in setting guardrails.
Listen to Episode 3 here.
