Red Canary vs. PoshRAT: Detection in the Absence of Malware

Keith McCammon, Chief Security Officer

Detecting malware isn’t easy per se. However, in all but the most sophisticated* attacks, this involves detecting the introduction of something new into an environment. Most of the time this is trivial; some of the time it can be subtle and challenging. But in either case, it is orders of magnitude easier than detection of a malicious insider or an entrenched attacker, both of whom look similar …

Applying the National Intelligence Process to Information Security

Cory Bowline

The “Intelligence” approach to information security is growing in popularity, but many are still struggling to define what this means to their own processes. Red Canary has drawn upon the time-tested and well-defined procedures followed by practitioners of secret intelligence – spies, satellites, drones, etc. – in order to explain how to build and manage an intelligence process that will …

Closing Critical Gaps in the Defense Industrial Base

Cory Bowline

Every organization has gaps in its security posture. There is simply too much surface area and too few resources for organizations to perfectly cover all the gaps. Given enough time, attackers will find and exploit these gaps. Below is a high-level case study of one such incident that occurred a year ago at a mid-sized United States defense contractor. The contractor had appropriate perimeter …

Detecting Targeted Crimeware Within 30 Minutes of Activating Red Canary

Keith McCammon, Chief Security Officer

There is no limit to the creativity attackers will use when masking their activity. We observed a great example of this immediately after beginning a 14-day evaluation with a B2C services company. Like most of our customers, this company needed an endpoint visibility, detection and response solution to augment its existing security efforts and further protect its PCI and PII …

Combing Through Endpoint Data to Detect Threats

Keith McCammon, Chief Security Officer

I’m always combing through detections that we produce in search of exemplars. My tendency is to look for unique malware, attack vectors, or lateral movement techniques. Today I encountered a detection that at a glance is far from novel—commodity crimeware delivered via email as a .scr (Windows screensaver) file—but is actually a terrific example of the power of endpoint telemetry …

Defending Endpoints

You Don’t Have to be in the Fortune 500 to Successfully Defend Against Advanced Attacks

Brian Beyer

Defending your endpoints is complicated and expensive, and often leaves comprehensive endpoint security to companies with the biggest security budgets. We’re not ok with that – because every organization is a target. Defending your endpoints is complicated. For most organizations, a strong endpoint security posture requires the visibility to see activity across your organization, a way to prevent attacks, detection of …

What Red Canary Detects: Spotlight on Process Injection

Jason Garman

Red Canary’s threat detection leverages the five event types collected by Carbon Black’s endpoint monitoring platform: file modifications, registry modifications, network connections, process tree information, and binary collection. These data points are streamed into our proprietary Threat Detection Engine, which was purpose-built to perform automated binary, behavioral and threat intelligence analysis to find anomalous events requiring further review at …