An Analyst’s Tale of Incident Response Retainers: “It’s All About the Benjamins”

Frank McClain

Once upon a time there lived a boy named Benjamin. Benjamin was very smart, and grew up with a passion for Information Security. As an adult he became part of the InfoSec team at “WidgetCo,” whose highly-prized widgets made their network and computing infrastructure a constant target. Benjamin was constantly making recommendations to help the organization defend against a barrage …

Common Security Mistake #1: Lack of Visibility

Phil Hagen

Even mature security teams sometimes make mistakes. This series of blog posts will address common mistakes based on real-world engagements with teams of all sizes and maturity levels. The author, Phil Hagen, is a long-time information security strategist, digital forensics practitioner, and SANS Certified Instructor. Part of Phil’s role at Red Canary is to educate organizations about ways to solve problems …

Passive DNS Monitoring – Why It’s Important for Your IR Team

Phil Hagen

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) is still somewhat rare in …
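The excerpt above makes the point that DNS lookups, being plaintext, let a responder put a name to an encrypted connection whose payload cannot be read. The following is an added example, not code from the post or from Red Canary, of what that correlation looks like in practice: passive DNS records (timestamp, client, query name, answer) are indexed per client and answer IP, and each IP-only connection record (e.g. a TLS session from a firewall or NetFlow log) is attributed to the name that client resolved most recently before the connection. The log formats, field order, hostnames and addresses are constructed for the example and are assumptions, not any real product's output.

```python
"""Attribute IP-only connection records to hostnames using passive DNS.

Added example (not from the original post). The log layouts below are
assumptions made for illustration: whitespace-separated fields with an
ISO-8601 timestamp first.
"""
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Constructed passive DNS log: "<timestamp> <client_ip> <query_name> <answer_ip>".
# Note that 203.0.113.10 is returned for two different names at different
# times, which is why attribution must respect the order of observations.
PDNS_LOG = """\
2017-03-01T10:00:00 10.0.0.5 update.example.com 203.0.113.10
2017-03-01T10:05:00 10.0.0.5 cdn.example.net 198.51.100.7
2017-03-01T10:20:00 10.0.0.5 telemetry.example.org 203.0.113.10
2017-03-01T10:30:00 10.0.0.9 www.example.com 192.0.2.44
"""

# Constructed connection log (TLS, so only the destination IP is visible):
# "<timestamp> <src_ip> <dst_ip> <dst_port>".
CONN_LOG = """\
2017-03-01T10:01:30 10.0.0.5 203.0.113.10 443
2017-03-01T10:21:00 10.0.0.5 203.0.113.10 443
2017-03-01T10:31:00 10.0.0.9 192.0.2.44 443
2017-03-01T10:40:00 10.0.0.9 203.0.113.10 443
"""


def parse_ts(value):
    """Parse the constructed ISO-8601 timestamp used in both logs."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def build_index(pdns_text):
    """Map (client_ip, answer_ip) -> list of (timestamp, query_name), time-sorted."""
    index = defaultdict(list)
    for line in pdns_text.splitlines():
        ts, client, qname, answer = line.split()
        index[(client, answer)].append((parse_ts(ts), qname))
    for records in index.values():
        records.sort()
    return index


def attribute_connections(pdns_text, conn_text, max_age_seconds=3600):
    """Return (ts, src, dst, port, hostname) per connection.

    hostname is the name the source host resolved to dst most recently
    before the connection, or None if no lookup was seen within
    max_age_seconds. A None result is itself a finding: the host reached
    the IP without a visible lookup (hard-coded IP, cached answer older
    than the window, or a resolver path outside the sensor's visibility).
    """
    index = build_index(pdns_text)
    results = []
    for line in conn_text.splitlines():
        ts, src, dst, port = line.split()
        when = parse_ts(ts)
        records = index.get((src, dst), [])
        times = [t for t, _ in records]
        # Last DNS observation at or before the connection time.
        i = bisect_right(times, when) - 1
        hostname = None
        if i >= 0 and (when - times[i]).total_seconds() <= max_age_seconds:
            hostname = records[i][1]
        results.append((ts, src, dst, int(port), hostname))
    return results


def unattributed(results):
    """Connections that could not be tied to a preceding DNS lookup."""
    return [r for r in results if r[4] is None]


if __name__ == "__main__":
    for row in attribute_connections(PDNS_LOG, CONN_LOG):
        print(row)
```

Run on the constructed logs, the two connections from 10.0.0.5 to 203.0.113.10 are attributed to different names (update.example.com, then telemetry.example.org) because the passive DNS record between them changed the answer, and the last connection from 10.0.0.9 has no matching lookup and is reported with `None`. The lookup window (`max_age_seconds`) is a tuning choice: too short and cached answers go unattributed, too long and stale names get pinned to unrelated sessions.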

Top 6 Questions & Answers: How to Take Control of Your Response Operations

Keith McCammon, Chief Security Officer

I recently had the pleasure of moderating a webinar on response operations with a panel of security leaders who shared their insights and expertise. It was a lively discussion that addressed everything from prioritizing alerts across your toolset to identifying which key metrics to track in order to demonstrate efficacy. Whether you have an IR program in place and want …

3 Essential Components to Build into Your Incident Response Program in 2017

Michael Haag

In my previous role as a network security architect at a Fortune 500 company, I worked on a team of two. This required us to wear a number of hats. One of our core operating functions was performing incident response across 70,000 endpoints globally. Initially, our program was very reactive. Over the course of a year, we began maturing the program …

Improving Detection and Response: Can Thinking Backward Move Your Security Forward?

Chris Rothe

Recently I’ve been pondering a way of thinking about detection and response. In my mind it is called “Response-Enabled Detection” and it reminds me of the golf strategy of playing a hole backwards. Most of us amateur golfers stand on the tee box and try to pick a spot to hit the ball based on our current perspective. From there …

Cut Your Time to Respond With Red Canary + PagerDuty

Brian Beyer

Over the years, our customers have integrated Red Canary detection notifications into a variety of tools. A few of the more common integrations include:

- Shared incident response email lists
- Webhooks into JIRA issue tracking systems
- Syslog into SIEMs
- Splunk using the Red Canary API

Today, we are excited to announce our newest integration and partnership: PagerDuty. Red Canary customers can now instantly receive threat …