How Honeypots and Canary Files Catch Attackers Before They Strike

How Honeypots and Canary Files Catch Attackers Before They Strike

From The Backup Wrap-Up by W. Curtis Preston (Mr. Backup)

May 11, 2026 · 34 min

About this episode

The episode discusses how honeypots and canary files can be used as effective tools in cybersecurity to detect attackers before they strike.

Honeypots and canary files are two of the most underused tools in cybersecurity — and in this episode, Dr. Mike Saylor and I break down exactly how they work and why you should be using them. The short version: they're tripwires. They tell you a bad guy is poking around your network before anything gets encrypted. Mike walks through his layered security analogy, explains the three different ways organizations use honeypots — learning attacker tactics, distraction, and testing — and then we get into canary files: what makes them different from a honeypot, how they beacon home when stolen, and why clock synchronization matters more than most people think if you ever want that evidence to hold up. We also cover how to stand one up without a big budget, what tools are available, and why something is absolutely better than nothing. Plus, Mike and I have news about our new O'Reilly book, Learning Ransomware Response and Recovery. 0:00 - Intro and book news 1:09 - Meet the crew 3:45 - Security is all about layers 9:22 - What are honeypots and canary files? 11:00 - Three ways honeypots work for you 13:17 - Real-world examples: bait cars and glitter bombs 15:20 - Making your honeypot…

People in this episode

Host: W. Curtis Preston

Guest: Dr. Mike Saylor

Topics covered

  • cybersecurity
  • honeypots
  • canary files
  • layered security
  • network protection

Keywords

  • honeypots
  • canary files
  • cybersecurity tools
  • network security
  • attack detection

Mentioned in this episode

Books & works: Learning Ransomware Response and Recovery

More episodes of The Backup Wrap-Up

Explore listener stats, chart rankings, contacts and more on the The Backup Wrap-Up podcast page.