Carbon Black Splunk threat hunting

Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)

Michael Haag

Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for data, the reliability of its architecture, and the ability to spin up multiple indexers and … Read More

Continuous Monitoring

Why the Philosophy of Continuous Monitoring Is Powerful

Phil Hagen

Continuous Monitoring is a methodology by which evidence collection is “baked into” the network. Critical observations are made and recorded continuously and quickly available when needed. The idea is to pre-collect evidence that will support your investigative processes. The power of continuous monitoring is significant, and I encourage all businesses and organizations to adopt the notion of an investigable network—one that … Read More

Ripped from the Headlines

The Real Lessons From the Latest Security “Scandal”

Chris Rothe

In the aftermath of the excitement of the hit piece on Carbon Black published by DirectDefense and circulated by Gizmodo and others, there are a few lessons that I hope we as a security community (practitioner and vendor) can learn. 1: Understand where your data is going. The first, and most obvious, is the importance of understanding exactly what data … Read More

Using Carbon Black Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques are in a state of … Read More

Carbon Black Response How-tos

How to Baseline and Inventory an Environment in Minutes with Carbon Black Response + Surveyor

Keith McCammon, Chief Security Officer

Years ago, as Red Canary began to scale security operations atop the Carbon Black (Cb) Response platform, we immediately started to identify some common use cases: Incident response and investigations Root cause analysis Inventory Cb Response was built for the express purpose of supercharging the incident response process. Instead of painstakingly collecting terabytes of data that need to be loaded, … Read More

Detecting Snake Malware

Detecting Snake Malware Using Carbon Black Response

Keith McCammon, Chief Security Officer

Detecting Snake malware may be difficult as Snake is a relatively complex framework that includes persistence, information stealing, and communications modules among other capabilities. When researchers at Fox-IT announced the porting of the Snake malware framework from Windows to the Mac platform, we had a need to look retrospectively across our customer base to identify any potential Snake malware victims. … Read More

Encode All the Things! Investigating PowerShell Attacks

Joe Moles

The year 2016 saw an ever-increasing level of malware authors focusing on default tools built into the operating system. For example, the increase of PowerShell in use today has led many malware authors to work out interesting ways to avoid detection by encoding and obfuscating their methods. To aid security professionals in investigating PowerShell attacks, Red Canary wants to share how … Read More