Using Cb Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high-quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of … Read More

Carbon Black Response How-tos

How to Baseline and Inventory an Environment in Minutes with Carbon Black Response + Surveyor

Keith McCammon, Chief Security Officer

Years ago, as Red Canary began to scale security operations atop the Carbon Black (Cb) Response platform, we immediately started to identify some common use cases: incident response and investigations, root cause analysis, and inventory. Cb Response was built for the express purpose of supercharging the incident response process. Instead of painstakingly collecting terabytes of data that need to be loaded, … Read More

Detecting Snake Malware

Detecting Snake Malware Using Cb Response

Keith McCammon, Chief Security Officer

Several days ago, researchers at Fox-IT announced the porting of the Snake malware framework from Windows to the Mac platform. Detecting Snake malware may be difficult as Snake is a relatively complex framework that includes persistence, information stealing, and communications modules among other capabilities. Given this information, we had a need to look retrospectively across our customer base to identify … Read More

Encode All the Things! Investigating PowerShell Attacks

Joe Moles

The year 2016 saw an ever-increasing number of malware authors focusing on default tools built into the operating system. For example, the increased use of PowerShell today has led many malware authors to work out interesting ways to avoid detection by encoding and obfuscating their methods. To aid security professionals in investigating PowerShell attacks, Red Canary wants to share how … Read More

Security Weekly Talks to Brian Beyer, Red Canary CEO

Suzanne Moore

Paul Asadoorian of Security Weekly recently talked with Brian Beyer, Red Canary CEO, to learn about the company’s mission of bringing world-class threat detection and response to every business. Read the highlights below or watch the full 35-minute video. SW: Tell us about Red Canary. Brian: Myself and the co-founders, Keith McCammon and Chris Rothe, all had this idea while we … Read More

Cut Your Time to Respond With Red Canary + PagerDuty

Brian Beyer

Over the years, our customers have integrated Red Canary detection notifications into a variety of tools. A few of the more common integrations include: shared incident response email lists, webhooks into JIRA issue tracking systems, syslog into SIEMs, and Splunk using the Red Canary API. Today, we are excited to announce our newest integration and partnership: PagerDuty. Red Canary customers can now instantly receive threat … Read More

News Flash: Red Canary Brings the Year 2001 to Security with SMS. Next Up, Fax Machines…

Chris Rothe

Despite the adoption of SMS across many enterprise products, security vendors have never really integrated SMS capabilities into their offerings. Rather, most security companies focused internally, building new workflows and processes that you had to learn. The recent trend has shifted to integration, but sadly SMS has been left off the list. Until now! We’re excited to announce Red Canary’s use of SMS notifications for … Read More