An Analyst’s Tale of Incident Response Retainers: “It’s All About the Benjamins”

Frank McClain

Once upon a time there lived a boy named Benjamin. Benjamin was very smart, and grew up with a passion for Information Security. As an adult he became part of the InfoSec team at “WidgetCo,” whose highly-prized widgets made their network and computing infrastructure a constant target. Benjamin was constantly making recommendations to help the organization defend against a barrage …

Common Security Mistake #1: Lack of Visibility

Phil Hagen

Even mature security teams sometimes make mistakes. This series of blog posts will address common mistakes based on real-world engagements with teams of all sizes and maturity levels. The author, Phil Hagen, is a long-time information security strategist, digital forensics practitioner, and SANS Certified Instructor. Part of Phil’s role at Red Canary is to educate organizations about ways to solve problems …

What’s the Cost of Endpoint Detection & Response?

Suzanne Moore

Every security team is constrained by staff and budget. It’s not surprising, then, that one of the most common questions we hear from security teams is around the cost and ROI of an Endpoint Detection & Response (EDR) investment. For every company considering EDR, it is important you know that it’s far from being a “set it and forget it” …

5 Reasons for Outsourcing Security Services

Cory Bowline

Every organization needs to detect threats and immediately respond. But building a detection and response capability requires significant investments and many organizations struggle to assemble the required pieces. The tools are rarely the problem; the hard part is finding a team of experienced analysts, researchers, investigators, and engineers that know how to operate and improve this capability. And while the underlying …

Considering an MSSP for Managed Detection and Response? Read this first.

Suzanne Moore

Until recently, organizations that have lacked the resources to build an internal detection and response capability have had few options. They could either (a) purchase an advanced product without properly staffing it; (b) attempt to hire; or (c) use the traditional outsourcing option of a Managed Security Service Provider (MSSP). Last year, Gartner identified Managed Detection and Response (MDR) as …

How to Baseline and Inventory an Environment in Minutes with Carbon Black Response + Surveyor

Keith McCammon, Chief Security Officer

Years ago, as Red Canary began to scale security operations atop the Carbon Black (Cb) Response platform, we immediately started to identify some common use cases:

- Incident response and investigations
- Root cause analysis
- Inventory

Cb Response was built for the express purpose of supercharging the incident response process. Instead of painstakingly collecting terabytes of data that need to be loaded, …

Are You Using Tabletop Simulations to Improve Your Information Security Program?

Kyle Rainey

Tabletop simulations provide a great vehicle for organizational awareness and training for inevitable security incidents. They allow a team to come together in a low-stress environment and assess their procedures and plans. Yet for most organizations these exercises are conducted once a year as a compliance requirement or to spend unused retainer hours from an incident response services provider. So …