Detecting and Combating Advanced Threats

Detecting and Combating Advanced Attacks: a Global Not-for-Profit’s Defense Strategy

Cory Bowline

Everyone knows advanced threats are extremely difficult to defend against. Nothing earth-shattering there. They leverage sophisticated tactics, techniques, and procedures (TTPs) to covertly harvest sensitive data, and are characterized by their ability to avoid detection. Most organizations say they are concerned about advanced attackers, but also question if they would ever be a target. But what about the organizations that …

Threat Hunting vs Threat Mining

There’s Gold in Those Endpoints: Threat Mining vs Threat Hunting

Joe Moles

In my last post I talked about what threat hunting is and is not. Between that and our recent webinar on threat hunting, I’ve gotten a lot of questions and wanted to follow up with a deeper dive into how Red Canary analysts use threat hunting to find threats on behalf of our customers. My team eats, sleeps, and breathes …

Common Endpoint Detection and Response Mistakes

5 Common Mistakes to Avoid When Building an Endpoint Detection and Response Capability

Cory Bowline

Organizations are increasingly looking to Endpoint Detection and Response (EDR) to detect and respond to threats that bypass prevention tools. EDR is designed to give organizations better visibility for finding and stopping malware and advanced threats, and for reducing the risk of a breach. Unfortunately, while EDR tools can assist with detecting attacks and limiting dwell time, they can also create new …

Security Spending Shift Toward Detection and Response

How CISOs Can Navigate the Shift Toward Detection and Response

Keith McCammon, Chief Security Officer

The security landscape is undergoing a major transformation as organizations shift spending toward detection and response. According to Gartner, detection and response is a top security priority for organizations in 2017, and spending on enhancing detection and response capabilities will be a key priority for security buyers through 2020. This shift is a move away from wide but shallow services …

Endpoint Visibility and EDR

Endpoint Visibility & EDR: Important Assessment Criteria

Suzanne Moore

Most organizations have no idea what’s happening on their endpoints. We often hear this referred to as “endpoint blindness,” and it’s one of the most common challenges for security teams. Organizations have hundreds or thousands of laptops, workstations, and servers in their environment, but have no idea what’s actually happening on them. With the increased sophistication and frequency of today’s attacks, …

Whitelist Evasion Example

Whitelist Evasion Example: Threat Detection #723

Keshia LeVan

In my previous blog post on bypassing application whitelisting, I provided an overview of what application whitelisting is, why it’s effective, and how to look for signs that it’s being bypassed. Now, let’s dig deeper into a real-world example to illustrate what analysts and IT teams will see when monitoring endpoint behavior. Oftentimes when a built-in tool is being used …

A Guide to Evaluating EDR Security Products: 15 Critical Questions to Ask

Suzanne Moore

The EDR market is booming. A recent Gartner report found that the EDR market more than doubled in 2016, and another analysis predicts the number of organizations using EDR security products will triple over the next five years. However, growth does not come without challenges. Many security teams struggle to define the right questions to ask when looking to add EDR …