Security Team

What Red Canary Detects, Part I: Overview & Malicious Software

Keith McCammon, Chief Security Officer

We want every detection that we produce to result in action. Actions are organization-specific and may include remediation, investigation, or simply a discussion related to configuration management. In this series we examine what Red Canary detects in the context of the classifications used to describe and group these threats for our customers. The primary purpose of these classifications is to expedite …

Examining the endpoint security opportunity

Keith McCammon, Chief Security Officer

This week Network World reported on the “Massive Enterprise Endpoint Security Opportunity.” The premise is that, despite a very active Endpoint Threat Detection & Response (ETDR) market, companies still struggle with significant coverage gaps. In an ESG survey of security professionals, two data points emerge: 63% believe that “[t]here is no endpoint security vendor that delivers a product suite that …

Medical Records are an Attractive Data Theft Target

Phil Hagen

While news about data breaches is growing disturbingly common, coverage is often focused on financial data – especially credit cards. An event with direct impact to a large group of victims makes for a popular news topic, of course. However, another major theft is gaining attention as well. Personal data – notably medical records – has become a very popular target for …

Visibility Becomes Paramount As Endpoints and MSSPs Heat Up

Ben Johnson

This is a guest post contributed by Benjamin Johnson, Chief Security Strategist, Bit9 + Carbon Black. The endpoint security space is hot right now. The managed security provider space is also hot right now. So it only makes sense that managed endpoint security, in one form or another, is the place to be. You cannot defend what you cannot see, …

“Operation Cleaver” Blade Dulled

Phil Hagen

“Operation Cleaver” is an attack campaign Cylance details in a new report. They contend an Iran-based attack group has compromised hundreds of targets in multiple countries and industries. Regardless of the claims of attribution, the message is clear: well-financed, strategically focused attack groups continue to digitally plunder their targets. As a community, our decades-old approach to network and information security simply …

Apple OS X: Now With Red Canary Threat Detection Coverage

Phil Hagen

While Apple OS X has seen increasing market share in many enterprises, the security market has so far failed to provide a corresponding expansion in OS X coverage. Similarly, the once-held and thoroughly misguided concept that “Apple doesn’t get malware” is finally starting to die with the release of several families of malware targeting OS X users. Combined, these two developments mean that …

Are Rogue Code Signing Keys in Your Environment?

Phil Hagen

Although this specific example has been exposed as part of a joke, the threat is real – code signing keys are often targeted by advanced attackers. Keys stolen during other breach operations have been used to sign malicious software. Perhaps this was inevitable – it appears the attackers behind the Sony breach are using stolen code signing keys to sign the latest variants …