A selection of use cases to consider when deploying security canaries, each mapped to a level of the Security Canary Maturity Model.

| Security Outcome | Maturity |
|---|---|
| Quickly test the impact of deploying canaries to understand any potential drawbacks and any initial signals from the environment. | Defined |
| Plug a simple visibility gap in a particular area you have plans to replace in the future. | Defined |
| Validate and improve the effectiveness of penetration testing processes. | Defined / Managed |
| Demonstrate effective detection capabilities against simulated attacks (e.g. catch the next red team). | Defined / Managed |
| Maintain comprehensive detection coverage as infrastructure evolves (i.e. canaries that evolve with the environment). | Managed |
| Close specific, known detection gaps in your environment (that are too costly or noisy to handle with other techniques). | Managed |
| Proactively prepare for 'unknown unknown' breaches or vulnerabilities. | Managed |
| Implement assurance and detective controls to prove that your existing security controls are doing their job. | Managed |
| Deploy similar or identical detective controls across disparate platforms (e.g. different public clouds). | Managed / Optimized |
| Improve detection of 'insider risk' behaviors (e.g. misuse of access to privileged environments). | Managed / Optimized |
| Develop a defense in depth strategy that you can share with auditors, regulators or customers. | Managed / Optimized |
| Achieve detection and response capabilities effective against sophisticated adversaries such as nation-state actors. | Optimized |


