Passive DNS Monitoring – Why It’s Important for Your IR Team

Phil Hagen

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) is still somewhat rare in … Read More

Top 6 Questions & Answers: How to Take Control of Your Response Operations

Keith McCammon, Chief Security Officer

I recently had the pleasure of moderating a webinar on response operations with a panel of security leaders who shared their insights and expertise. It was a lively discussion that addressed everything from prioritizing alerts across your toolset to identifying which key metrics to track in order to demonstrate efficacy. Whether you have an IR program in place and want … Read More

3 Essential Components to Build into Your Incident Response Program in 2017

Michael Haag

In my previous role as a network security architect at a Fortune 500 company, I worked on a team of two. This required us to wear a number of hats. One of our core operating functions was performing incident response across 70,000 endpoints globally. Initially, our program was very reactive. Over the course of a year, we began maturing the program … Read More

Cut Your Time to Respond With Red Canary + PagerDuty

Brian Beyer

Over the years, our customers have integrated Red Canary detection notifications into a variety of tools. A few of the more common integrations include: shared incident response email lists; webhooks into JIRA issue tracking systems; syslog into SIEMs; and Splunk using the Red Canary API. Today, we are excited to announce our newest integration and partnership: PagerDuty. Red Canary customers can now instantly receive threat … Read More

News Flash: Red Canary Brings the Year 2001 to Security with SMS. Next Up, Fax Machines…

Chris Rothe

Despite the adoption of SMS across many enterprise products, security vendors have never really integrated SMS capabilities into their offerings. Rather, most security companies focused internally, building new workflows and processes that you had to learn. The recent trend has shifted to integration, but sadly SMS has been left off the list. Until now! We’re excited to announce Red Canary’s use of SMS notifications for … Read More

Improving Incident Response with Autonomous System Numbers

Phil Hagen

Once the sole domain of network operations teams, the Autonomous System Number has become a valuable data point for the digital forensic and incident response team as well. Autonomous System Numbers, or AS Numbers, designate the owner of blocks of IP addresses. For example, an ISP like Comcast Communications owns thousands of net blocks consisting of millions of IP addresses – … Read More

They’re baaack: Using responder feedback to detect repeat infections

Keith McCammon, Chief Security Officer

Red Canary’s purpose is to perform world-class endpoint threat detection more accurately and against a broader spectrum of threats than anyone else. To do this, we continually invest in additional detection technologies and process improvements. Our newest feature sits squarely between both of these buckets. You can now mark detected threats as remediated to tune Red Canary’s detection engine and ensure that … Read More