Ripped from the Headlines

The Real Lessons From the Latest Security “Scandal”

Chris Rothe

In the aftermath of the excitement of the hit piece on Carbon Black published by DirectDefense and circulated by Gizmodo and others, there are a few lessons that I hope we as a security community (practitioner and vendor) can learn. 1: Understand where your data is going. The first, and most obvious, is the importance of understanding exactly what data …

Threat Intelligence

Common Security Mistake #3: Aimless Use of Threat Intelligence

Phil Hagen

“Threat Intelligence” is the latest security concept to undergo aggressive cyber-buzzwordification (this is a real word). This is common in the information security industry, and follows a very predictable cycle: Discovery: A real and valuable concept starts to take hold, and high-functioning security teams leverage the concept with great success. Socialization: In a genuine interest to improve the security game, …

Threat Investigation

Shutting Down a Hands-on Keyboard Attack: Two Joes vs One Threat Actor

Suzanne Moore

It was a Friday afternoon when the alert came in. One of Red Canary’s customers had experienced a breach. The compromise occurred on an unsecured endpoint—an isolation development box that was used for testing. The customer had deployed Red Canary Managed Endpoint Detection & Response (MEDR) across its most critical endpoints: domain controllers, front-facing web server, executive endpoints, databases, and …

Alert Fatigue

Alert Fatigue: How to Tune Out the Noise and Reclaim Your Hours

Keshia LeVan

As an analyst, reviewing events generally takes up a pretty good chunk of your day. And as much as there is a lot of hype about moving away from “signature-based detection,” many detection solutions are at their core just based on a rule (or set of rules) with some Boolean logic and pattern matching. That’s not to say they aren’t …

Perimeter-Based Security

Common Security Mistake #2: Focusing on the Perimeter

Phil Hagen

Historically, security programs have focused most heavily on the perimeter of the environment, likely in an effort to mirror physical security measures. While fences and surveillance cameras at the entry and exit points of a bank or manufacturing facility may provide sufficient visibility and controls for the threat models faced in those scenarios, they simply are not adequate for the …

Threat Hunting for Dridex

Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of …

Want Better Security? Start With These 5 Proven IT Fundamentals

Adam Mathis

I recently had the opportunity to talk with a number of security decision makers at a security event in Chicago. As much as I enjoy discussing the impact Red Canary has on our customers’ security postures, it’s even more enjoyable for me to simply talk shop with other security folks. What kind of problems are they facing? What solutions are …