Threat Hunting

Threat Hunting Is Not a Magical Unicorn

Joe Moles

Threat hunting, like most market buzz terms, started with a concept or an idea, and then got overused and misused by every vendor, blogger, and Twitter account with an opinion. This has led to a lot of confusion for security teams that want to build a threat hunting capability. So what is threat hunting and how do you do it? …

Joe Casazza, Red Canary Technical Account Manager

Meet Your Newest Team Member: Joe Casazza, Red Canary Technical Account Manager

Red Canary

Customers consistently tell us that one of the things they find most beneficial about Red Canary is our Technical Account Management (TAM) team. Every Red Canary TAM has real-world security experience. They act as an extension of our customers’ teams by supporting incident response efforts, answering questions about detections, and providing guidance on remediation. Best of all, they’re driven by …

Endpoint Visibility and EDR

Endpoint Visibility & EDR: Important Assessment Criteria

Suzanne Moore

Most organizations have no idea what’s happening on their endpoints. We often hear this referred to as “endpoint blindness,” and it’s one of the most common challenges for security teams. Organizations have hundreds or thousands of laptops, workstations, and servers in their environment, but have no idea what’s actually happening on them. With the increased sophistication and frequency of today’s attacks, …

Cybersecurity Shortage

I Can’t Fill My Security Head Count. What Can I Do?

Ben Johnson

This guest post on the cybersecurity shortage was contributed by Ben Johnson, security executive and co-founder of Carbon Black. This article originally appeared on SCMagazine. The talent deficit in cybersecurity is real. Teams are understaffed and recruiters are getting desperate. There’s simply too much work to go around. I’ve circled the globe talking with hundreds of organizations and having an open …

Whitelist Evasion Example

Whitelist Evasion Example: Threat Detection #723

Keshia LeVan

In my previous blog post on bypassing application whitelisting, I provided an overview of what application whitelisting is, why it’s effective, and how to look for signs that it’s being bypassed. Now, let’s dig deeper into a real-world example to illustrate what analysts and IT teams will see when monitoring endpoint behavior. Oftentimes when a built-in tool is being used …

Bypassing Application Whitelisting

Bypassing Application Whitelisting: How IT Teams Can Detect It

Keshia LeVan

Let me start by saying that if you’re looking for a deep dive into bypassing application whitelisting, this probably isn’t the right place to start. The intent of this article is to provide an overview of what bypassing application whitelisting means and how it looks from the view of an endpoint. The challenge security teams face is that even after …

Passive DNS Unsung Hero

Passive DNS Monitoring – Why It’s Important for Your IR Team

Phil Hagen

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) is still somewhat rare in …