A canary server is another name for a honey pot. The definition might be slightly different depending on context. Honey pots often wait to attract and detect active threats, whereas a canary server is applied to a suspected threat. For example, a canary server may run a virtual environment designed to emulate a user environment such as a web browser. This environment is exposed to a threat such as a remote web site that may contain harmful content. The canary server is then tested to see if the threat has modified the user environment in any suspicious way. After testing the canary server can be restored from a snapshot.