Combing Through Endpoint Data to Detect Threats

Keith McCammon, Chief Security Officer

I’m always combing through detections that we produce in search of exemplars. My tendency is to look for unique malware, attack vectors, or lateral movement techniques. Today I encountered a detection that at a glance is far from novel—commodity crimeware delivered via email as a .scr (Windows screensaver) file—but is actually a terrific example of the power of endpoint telemetry …

You Don’t Have to be in the Fortune 500 to Successfully Defend Against Advanced Attacks

Brian Beyer

Defending your endpoints is complicated and expensive and often leaves comprehensive endpoint security for companies with the biggest security budgets. We’re not OK with that, because every organization is a target. Defending your endpoints is complicated. For most organizations, a strong endpoint security posture requires the visibility to see activity across your organization, a way to prevent attacks, detection of …

What Red Canary Detects: Spotlight on Process Injection

Jason Garman

Red Canary’s threat detection leverages the five event types collected by Carbon Black’s endpoint monitoring platform: file modifications, registry modifications, network connections, process tree information, and binary collection. These data points are streamed into our proprietary Threat Detection Engine that was purpose-built to perform automated binary, behavioral and threat intelligence analysis to find anomalous events requiring further review at …

Detection Profile: Silent Periodic Activity

Phil Hagen

One hallmark for many malware events is the regular periodic behavior they present when rallying for and checking in with their command and control servers. The check-in interval can be a very useful metadata point in hunting an adversary. However, the constant state of change that attackers can use for their own infrastructure makes this a challenge with traditional methods. …
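The check-in interval idea above, worked through as an added example (this is not code from the Red Canary post or from Carbon Black): it takes a flat list of outbound network-connection events, groups them by (process, destination), measures the gaps between consecutive connections, and flags pairs whose gaps are nearly constant. The event shape, the process name `updatr.exe`, the destinations and all timestamps are constructed for illustration.

```python
"""Hunting for periodic command-and-control check-ins in network telemetry.

Added example. Assumes each event is (ISO-8601 timestamp, process image,
"host:port"). The field layout and the sample data are constructed here
for illustration; they are not Carbon Black output.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed events for one endpoint. "updatr.exe" checks in roughly every
# 300 s with a few seconds of jitter; "chrome.exe" browses irregularly.
SAMPLE_EVENTS = [
    ("2016-03-01T12:00:00", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:05:00", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:09:58", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:15:02", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:19:59", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:25:01", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:30:00", "updatr.exe", "203.0.113.10:443"),
    ("2016-03-01T12:00:00", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:00:05", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:00:07", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:02:10", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:02:11", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:15:00", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:15:05", "chrome.exe", "www.example.com:443"),
    ("2016-03-01T12:01:00", "chrome.exe", "cdn.example.net:443"),
    ("2016-03-01T12:01:01", "chrome.exe", "cdn.example.net:443"),
]


def intervals_by_pair(events):
    """Group events by (process, destination); return the gaps in seconds
    between consecutive connections for each pair, in time order."""
    stamps = defaultdict(list)
    for ts, proc, dest in events:
        stamps[(proc, dest)].append(datetime.fromisoformat(ts))
    gaps = {}
    for pair, times in stamps.items():
        times.sort()
        gaps[pair] = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return gaps


def periodicity(gaps):
    """Return (mean gap, coefficient of variation) or None if undefined.

    A CV near 0 means the connections fire on a fixed timer (even with a
    little jitter); human browsing scores near or above 1.
    """
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg <= 0:
        return None  # identical timestamps, e.g. a connection burst
    return avg, pstdev(gaps) / avg


def find_beacons(events, min_connections=5, max_cv=0.2):
    """Flag (process, destination) pairs whose check-in gaps are regular.

    min_connections avoids scoring pairs with too few samples; max_cv is the
    jitter tolerance and is tuned per environment.
    """
    hits = []
    for (proc, dest), gaps in intervals_by_pair(events).items():
        if len(gaps) + 1 < min_connections:
            continue
        stats = periodicity(gaps)
        if stats is None:
            continue
        avg, cv = stats
        if cv <= max_cv:
            hits.append({
                "process": proc,
                "destination": dest,
                "connections": len(gaps) + 1,
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_EVENTS):
        print(hit)
```

Because the score is computed from timing rather than from the destination itself, it survives the attacker swapping domains or IPs, which is the failure mode of indicator-based matching the teaser alludes to; if the adversary rotates destinations mid-campaign, group on the process alone (dropping `dest` from the key) and accept a noisier result.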

Respond to an Endpoint Threat in 90 Seconds

Chris Rothe

At Red Canary, we’re always looking to simplify our customers’ security operations. Responding to the confirmed threats you receive from Red Canary is simple: isolate the endpoint, craft a response plan, and execute. Ready? Start the clock. Your Red Canary detections include the buttons: “Isolate Endpoint” and “Respond.” Isolating the endpoint disables all network communication from the endpoint to anywhere …

The Fallacy of Breach Prevention

Phil Hagen

“Prevention of bad things” is not an idea unique to the information security world – and not even a new one for us. For decades, the information security market has been dominated by so-called prevention solutions. These often promise immunity from whatever the latest specter of bad things™ happens to be parroted in any given year. The prevalence of viruses …

What Red Canary Detects, Part III: Unwanted Software

Keith McCammon, Chief Security Officer

We produce unwanted software detections primarily because they are indicators of vulnerable system or network configurations. Further, unwanted software almost always arrives as a result of improperly sourced software installed by an end user, and thus its presence indicates that end users have both the technical means and the willingness to execute untrusted code. Why is this so important? When …