Threat Intelligence

Common Security Mistake #3: Aimless Use of Threat Intelligence

Phil Hagen

“Threat Intelligence” is the latest security concept to undergo aggressive cyber-buzzwordification (this is a real word). This is common in the information security industry, and follows a very predictable cycle: Discovery A real and valuable concept starts to take hold, and high-functioning security teams leverage the concept with great success. Socialization In a genuine interest to improve the security game, … Read More

Threat Investigation 5207

Shutting Down a Hands-on Keyboard Attack: Two Joes vs One Threat Actor

Suzanne Moore

It was a Friday afternoon when the alert came in. One of Red Canary’s customers had experienced a breach. The compromise occurred on an unsecured endpoint—an isolation development box that was used for testing. The customer had deployed Red Canary Managed Endpoint Detection & Response (MEDR) across its most critical endpoints: domain controllers, front-facing web server, executive endpoints, databases, and … Read More

Alert Fatigue

Alert Fatigue: How to Tune Out the Noise and Reclaim Your Hours

Keshia LeVan

As an analyst, reviewing events generally takes up a pretty good chunk of your day. And as much as there is a lot of hype about moving away from “signature-based detection,” many detection solutions are at their core just based on a rule (or set of rules) with some Boolean logic and pattern matching. That’s not to say they aren’t … Read More

Perimeter-Based Security

Common Security Mistake #2: Focusing on the Perimeter

Phil Hagen

Historically, security programs have focused most heavily on the perimeter of the environment, likely in an effort to mirror physical security measures. While fences and surveillance cameras at the entry and exit points of a bank or manufacturing facility may provide sufficient visibility and controls for the threat models faced in those scenarios, they simply are not adequate for the … Read More

Threat Hunting for Dridex

Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of … Read More

Want Better Security? Start With These 5 Proven IT Fundamentals

Adam Mathis

I recently had the opportunity to talk with a number of security decision makers at a security event in Chicago. As much as I enjoy discussing the impact Red Canary has on our customers’ security postures, it’s even more enjoyable for me to simply talk shop with other security folks. What kind of problems are they facing? What solutions are … Read More

Windows Technical Deep Dive

How to Use Windows API Knowledge to Be a Better Defender

Ben Downing

The Windows API is a large, complex topic with decades of development history and design behind it. Although it is far too vast to cover in a single article, even a cursory knowledge is enough to improve your event analysis and your basic malware analysis skills. Understanding how Windows works can help defenders to better understand and defend against threats, … Read More