Closing Critical Gaps in the Defense Industrial Base

Cory Bowline

Every organization has gaps in its security posture. There is simply too much surface area and too few resources for organizations to perfectly cover all the gaps. Given enough time, attackers will find and exploit these gaps. Below is a high-level case study of one such incident that occurred a year ago at a mid-sized United States defense contractor. The contractor had appropriate perimeter …

Detecting Targeted Crimeware Within 30 Minutes of Activating Red Canary

Keith McCammon, Chief Security Officer

There is no limit to the creativity attackers will use when masking their activity. We observed a great example of this immediately after beginning a 14-day evaluation with a B2C services company. Like most of our customers, this company needed an endpoint visibility, detection and response solution to augment their existing security efforts and further protect its PCI and PII …

Combing Through Endpoint Data to Detect Threats

Keith McCammon, Chief Security Officer

I’m always combing through detections that we produce in search of exemplars. My tendency is to look for unique malware, attack vectors, or lateral movement techniques. Today I encountered a detection that at a glance is far from novel—commodity crimeware delivered via email as a .scr (Windows screensaver) file—but is actually a terrific example of the power of endpoint telemetry …

Defending Endpoints

You Don’t Have to be in the Fortune 500 to Successfully Defend Against Advanced Attacks

Brian Beyer

Defending your endpoints is complicated and expensive, and often leaves comprehensive endpoint security to companies with the biggest security budgets. We’re not ok with that – because every organization is a target. Defending your endpoints is complicated. For most organizations, a strong endpoint security posture requires the visibility to see activity across your organization, a way to prevent attacks, detection of …

What Red Canary Detects: Spotlight on Process Injection

Jason Garman

Red Canary’s threat detection leverages the five event types collected by Carbon Black’s endpoint monitoring platform: file modifications, registry modifications, network connections, process tree information, and binary collection. These data points are streamed into our proprietary Threat Detection Engine that was purpose built to perform automated binary, behavioral and threat intelligence analysis to find anomalous events requiring further review at …

Detection Profile: Silent Periodic Activity

Phil Hagen

One hallmark of many malware events is the regular periodic behavior they present when rallying for and checking in with their command and control servers. The check-in interval can be a very useful metadata point in hunting an adversary. However, the constant state of change that attackers can use for their own infrastructure makes this a challenge with traditional methods. …

Respond to an Endpoint Threat in 90 Seconds

Chris Rothe

At Red Canary, we’re always looking to simplify our customers’ security operations. Responding to the confirmed threats you receive from Red Canary is simple: isolate the endpoint, craft a response plan, and execute. Ready? Start the clock. Your Red Canary detections include the buttons “Isolate Endpoint” and “Respond.” Isolating the endpoint disables all network communication from the endpoint to anywhere …