Threat Detection

What Red Canary Detects, Part III: Unwanted Software

Keith McCammon, Chief Security Officer

We produce unwanted software detections primarily because they are indicators of vulnerable system or network configurations. Further, unwanted software almost always arrives as a result of improperly sourced software installed by an end user, and thus its presence indicates that end users have both the technical means and the willingness to execute untrusted code. Why is this so important? When …

20 CIS Critical Security Controls – How Red Canary Stacks Up

Phil Hagen

The 20 CIS Critical Security Controls are widely viewed as the “Gold Standard” framework for building and evaluating an organization’s security program. In this article, we will look at several of these controls and how Red Canary helps our clients improve their security posture in meaningful ways. (Full disclosure: I am a SANS Certified Instructor, but do not have any …

Detecting CVE-2015-1130 on Mac OS X Endpoints

Jason Garman

Security researcher Emil Kvarnhammar released details of his discovery of a new Mac OS X vulnerability, CVE-2015-1130, on his blog today. The vulnerability exists in Apple’s Admin.framework and allows unprivileged users to elevate their privileges to root on any vulnerable system. Mac OS X versions 10.7 through 10.10.2 inclusive are vulnerable to this exploit, as Apple …
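A first triage step for this advisory is simply to find which endpoints fall inside the affected version range the post names (10.7 through 10.10.2 inclusive). The script below is an added example, not code from the Red Canary post: it parses `sw_vers -productVersion` style strings, compares them as numeric tuples (so "10.10.2" sorts after "10.9.5", which a plain string comparison gets wrong), and flags hosts in range. The host inventory in `main` is constructed sample data; the `local_product_version` helper assumes it runs on a Mac with `sw_vers` available. This is an inventory check only; it says nothing about whether an endpoint has actually been exploited, which is the behavioural detection the post itself is about.

```python
import re
import subprocess

# Affected range as stated in the advisory summary: 10.7 through 10.10.2 inclusive.
VULN_MIN = (10, 7, 0)
VULN_MAX = (10, 10, 2)


def parse_version(s):
    """Turn '10.10.2' or '10.7' (as printed by `sw_vers -productVersion`) into a 3-tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$", s)
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version):
    """True if the version (string or tuple) lies in [VULN_MIN, VULN_MAX]."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    return VULN_MIN <= v <= VULN_MAX


def local_product_version():
    """Query the running host; only works on a Mac with sw_vers on PATH (assumption)."""
    out = subprocess.run(
        ["sw_vers", "-productVersion"], capture_output=True, text=True, check=True
    ).stdout
    return out.strip()


def triage(hosts):
    """hosts: mapping hostname -> productVersion string. Returns hostname -> vulnerable flag."""
    return {host: is_vulnerable(ver) for host, ver in hosts.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    sample = {
        "mac-01": "10.10.2",  # last affected release
        "mac-02": "10.10.3",  # first release outside the stated range
        "mac-03": "10.7",     # two-component version, first affected major.minor
        "mac-04": "10.6.8",   # below the stated range
    }
    for host, flagged in triage(sample).items():
        print(f"{host:8} {sample[host]:8} {'VULNERABLE' if flagged else 'ok'}")
```

Feed `triage` whatever your endpoint agent reports as the OS product version; the tuple comparison is the part worth keeping, since version strings with two and three components must compare correctly against each other.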

Threat Detection

What Red Canary Detects, Part II: Suspicious Activity

Keith McCammon, Chief Security Officer

At the risk of oversimplifying the threats and threat actors that organizations face, I’m going to assume for purposes of this article that they fall into one of two broad categories: opportunistic and targeted. Opportunistic Attacks Opportunistic attackers land where they land and attempt to extract as much value from each victim as they can in a ruthlessly efficient manner. …

Harnessing the full power of the Carbon Black API

Jason Garman

We work with Carbon Black every day at Red Canary. We are excited to announce the open sourcing of our Python API that allows for deeper and more intuitive exploration of the Carbon Black datastore. This “CbApi2” is available on GitHub so everyone can enjoy easy and efficient programmatic access to Carbon Black data. There are two major design goals behind …

A new approach to visualizing threats

Cory Bowline

At Red Canary, we’re constantly improving how we display the intelligence we provide our customers to make it more intuitive and actionable. Today we’re announcing two big improvements to our detection view. Detection timeline Our new detection timeline weaves together indicators of compromise with relevant endpoint activities, such as the relationship between processes and related system changes – all annotated by …

Threat Detection

What Red Canary Detects, Part I: Overview & Malicious Software

Keith McCammon, Chief Security Officer

We want every detection that we produce to result in action. Actions are organization-specific and may include remediation, investigation, or simply a discussion related to configuration management. In this series we examine what Red Canary detects in the context of the classifications used to describe and group these threats for our customers. The primary purpose of these classifications is to expedite …