Red Canary Detector Development

Behind the Scenes with Red Canary’s Detection Engineering Team

Kyle Rainey

At Red Canary, we are huge believers in sharing methodologies of how and why we do things. It provides opportunities for others to learn and pushes the community forward. Today we are excited to pull back the curtains on Red Canary’s detection engineering team. Our team’s mission is simple: hunt and find threats. Rather than analyzing and triaging alerts like …

Common SIEM Issues

Why a SIEM Won’t Solve All Your Problems: 5 Common Issues and How to Avoid Them

Justin Henderson

Today’s organizations suffer from a gap in detection capabilities. Research such as the Mandiant M-Trends report shows that the median time to detect an adversary is 99 days. Even if you interpret this with a grain of salt, there’s no doubt that the ability to catch an adversary is far from where it should be. Many organizations look to implement …

Security Architect Lessons

Security Architect Lessons: What I Learned Managing and Assessing Cyber Risk at a Fortune 200

Michael Haag

I worked as the security leader of a global Fortune 200 organization for two years, where I was responsible for cyber security strategy, architecture, and risk reduction during an extended phase of rapid growth and acquisition. I focused on ensuring we had visibility across the most vital layers while working with each entity to mature their security posture and address …

Red Canary at RSA

Join Red Canary at RSA for Real Security Conversations With Real Security People

Suzanne Moore

If you’ve been to RSA, you know the expo hall can be full of flashy product pushes. Join Red Canary at RSA Booth #2225 for real security conversations with real security people. We’ll have a combination of founders, security operations, researchers, technical account managers, and customer success managers on-site. (And of course, everyone’s favorite: free t-shirts and stickers.) Are you …

Lateral Movement and Cryptomining

Tried-and-True Tactics: How an Adversary Mixed Lateral Movement and Cryptomining

Tony Lambert

Cryptomining continues to be a hot topic as the values of cryptocurrencies fluctuate, and adversaries use mining as an easy way to make money without needing escalated privileges. In my last detection post, I wrote about mining as the objective of exploitation against Oracle WebLogic systems. In this detection, we’ll look at how one adversary supplemented operations with a little …

Security Team Development

Building a Winning Security Team: Practical Tips on Training and Team Development

Phil Hagen

The most fundamental truth in information security is that we need smart people to do the most important parts of the job. Regardless of how many racks of servers, gazillions of dollars of software, or dozens of threat intel “feeds” we invest in, they won’t provide the slightest impediment to adversaries without real live humans to run the show. This …

Red Canary Threat Response

How an IT Service Provider and Red Canary Stopped a Malware Outbreak

Eric Groce

A technical account manager recounts how Red Canary partnered with an IT service provider to help one of their customers stop a rapidly spreading network worm. The article goes behind the scenes of the incident response effort and shares best practices to avoid a breach. Most IT service providers can relate to the following scenario: It’s an idle Thursday. You …