Atomic Red Team Testing

Red Canary Introduces Atomic Red Team, a New Testing Framework for Defenders

Casey Smith

How do you know your security solutions are tuned and ready to face actual adversaries? Are you testing new or existing products to provide assurances for detections? If you’re like many teams, you may lack the internal resources or expertise to simulate a specific adversary tactic or technique. That is why we recently created Atomic Red Team, a testing framework … Read More

Carbon Black Splunk threat hunting

Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)

Michael Haag

Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for data, the reliability of its architecture, and the ability to spin up multiple indexers and … Read More

Using Carbon Black Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high-quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of … Read More

Carbon Black Response How-tos

How to Baseline and Inventory an Environment in Minutes with Carbon Black Response + Surveyor

Keith McCammon, Chief Security Officer

Years ago, as Red Canary began to scale security operations atop the Carbon Black (Cb) Response platform, we immediately started to identify some common use cases: incident response and investigations, root cause analysis, and inventory. Cb Response was built for the express purpose of supercharging the incident response process. Instead of painstakingly collecting terabytes of data that need to be loaded, … Read More

Detecting Snake Malware

Detecting Snake Malware Using Carbon Black Response

Keith McCammon, Chief Security Officer

Detecting Snake malware may be difficult as Snake is a relatively complex framework that includes persistence, information stealing, and communications modules among other capabilities. When researchers at Fox-IT announced the porting of the Snake malware framework from Windows to the Mac platform, we had a need to look retrospectively across our customer base to identify any potential Snake malware victims. … Read More