Detecting and Combating Advanced Threats

Detecting and Combating Advanced Attacks: a Global Not-for-Profit’s Defense Strategy

Cory Bowline

Everyone knows advanced threats are extremely difficult to defend against. Nothing earth-shattering there. They leverage sophisticated tactics, techniques, and procedures (TTPs) to covertly harvest sensitive data, and are characterized by their ability to avoid detection. Most organizations say they are concerned about advanced attackers, but also question if they would ever be a target. But what about the organizations that …

Windows Registry Attacks

Windows Registry Attacks: Knowledge Is the Best Defense

Andy Rothman

Let’s talk about the Windows registry…yes, that mysterious and oh-so-dangerous piece of the Windows operating system that we were warned against messing with from the moment we booted up our first PC. Turns out, the Windows registry is not as scary as everyone makes it out to be. Granted, if you do not know what you are doing, there is ample …

“Managed” Is No Longer a Dirty Word: Taking a Fresh Look at Outsourcing Security

Suzanne Moore

As security leaders struggle to combat an evolving threat landscape and a severe talent shortage, a growing majority are taking a fresh look at their services options. Security services made up 45% of all security spending worldwide in 2016, and nearly 60% of organizations plan on increasing their use of IT security services. Clearly, “managed” is no longer a dirty …

Threat Hunting vs Threat Mining

There’s Gold in Those Endpoints: Threat Mining vs Threat Hunting

Joe Moles

In my last post I talked about what threat hunting is and is not. Between that and our recent webinar on threat hunting, I’ve gotten a lot of questions and wanted to follow up with a deeper dive into how Red Canary analysts use threat hunting to find threats on behalf of our customers. My team eats, sleeps, and breathes …

Verclsid.exe: Red Canary Threat Detection #1737

Old Phishing Attacks Deploy a New Methodology: Verclsid.exe

Keshia LeVan, Michael Haag

Phishing is not exactly a new or groundbreaking attack method, but it’s an ongoing problem (likely because it’s effective and we all need email). A wave of Hancitor malware spam campaigns recently hit many organizations. It’s your typical pattern: a non-descriptively named Microsoft Word document sent with email subject lines like “USPS” or “eFax”, using macros and heavily obfuscated VBScript …

Common Endpoint Detection and Response Mistakes

5 Common Mistakes to Avoid When Building an Endpoint Detection and Response Capability

Cory Bowline

Organizations are increasingly looking to Endpoint Detection and Response (EDR) to detect and respond to threats that bypass prevention tools. EDR is designed to give organizations better visibility for finding and stopping malware and advanced threats, and for reducing the risk of a breach. Unfortunately, while EDR tools can assist with detecting attacks and limiting dwell time, they can also create new …

Security Spending Shift Toward Detection and Response

How CISOs Can Navigate the Shift Toward Detection and Response

Keith McCammon, Chief Security Officer

The security landscape is undergoing a major transformation as organizations shift spending toward detection and response. According to Gartner, detection and response is a top security priority for organizations in 2017, and spending on enhancing detection and response capabilities will be a key priority for security buyers through 2020. This shift is a move away from wide but shallow services …