Mapping Detectors to MITRE ATT&CK

Red Canary ATT&CKs (Part 3): Mapping Our Detectors to ATT&CK Techniques

Kyle Rainey

As discussed in Part 1 of this series, we decided that using the MITRE ATT&CK framework would give us a common language to describe adversary tactics and techniques. This would help us to effectively share information amongst our internal teams, our customers, and the community at large. In this post, we will walk through the process of mapping our 800+ …

Red Canary Product

Red Canary ATT&CKs (Part 2): Designing ATT&CK Interfaces in Red Canary

Chris Rothe

This is the second part of a series on why and how Red Canary chose MITRE’s ATT&CK framework as our common language for adversary tactics and techniques. This post describes the design and interface tradeoffs our engineering team considered, lessons learned, and key takeaways that security teams can use when applying ATT&CK to their security programs. When Red Canary’s security …

Red Canary and MITRE ATT&CK

Red Canary ATT&CKs (Part 1): Why We’re Using ATT&CK Across Red Canary

Keith McCammon, Chief Security Officer

Information security is grounded in risk management. And, because what gets measured gets managed, we rely on a variety of frameworks and key performance indicators to tell us whether we’re moving in the right direction. Frameworks like those provided by the National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) allow us to measure …

Atomic Red Team Testing

Atomic Red Team Tests: Catching the Dragon by the Tail

Casey Smith, Michael Haag

Before testing your security controls, it’s extremely beneficial to understand the threat actors your organization may be facing. Nick Carr at FireEye published an excellent post a while back on how an actual adversary operates. We strongly encourage you to check it out for a solid understanding of the capabilities and behaviors exhibited by a group of attackers. We decided to …

Atomic Red Team Testing

Red Canary Introduces Atomic Red Team, a New Testing Framework for Defenders

Casey Smith

How do you know your security solutions are tuned and ready to face actual adversaries? Are you testing new or existing products to provide assurances for detections? If you’re like many teams, you may lack the internal resources or expertise to simulate a specific adversary tactic or technique. That is why we recently created Atomic Red Team, a testing framework …

Carbon Black Splunk threat hunting

Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)

Michael Haag

Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for data, the reliability of its architecture, and the ability to spin up multiple indexers and …

Using Carbon Black Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of …