Detection and Response Features


We built the most comprehensive endpoint security solution so you don’t have to


A user experience designed to simplify everything from deployment through response.

Deploy in seconds. 
Windows, Mac OS X, and Linux; native, virtualized, or in the cloud. Most customers get started in less than an hour.

Exactly what you need to know.
Your Red Canary portal is clear, concise, and helps you understand your organization and respond to threats. We promise not to overwhelm you with useless features, graphs, and charts.

Integrate with everything.
Red Canary integrates freely into your workflow through APIs and our email, SIEM, and webhook connectors.


Quickly see everything that happens on every one of your endpoints.

Lightweight Sensor.

Our kernel sensor proactively records and maintains the relationships of immense amounts of endpoint activity while using less than 1% of CPU and 8Mb of RAM.

Endpoint Tagging.

Tag your endpoints by region, purpose, business unit or any other type of organizational information. You’ll then see that tag whenever we detect a threat to that endpoint.

Instant Insight.

Quickly ascertain what users are active on your endpoints, what applications they are using, and inventory your assets.


The most comprehensive and strategic endpoint threat detection technology on the market.

1. Multi-Dimensional Threat Detection.
Red Canary combines binary analysis, behavioral analysis, analytics, and threat intelligence to identify threats.

2. Automated Threat Hunting.
Our Threat Detection Engine uses all four detection technologies to continually analyze every piece of endpoint activity in search of threats.

3. Automated Correlation.
The Threat Detection Engine correlates the events it identifies by endpoint. A multi-stage attack might have 10-20 unique events that are all linked together automatically, in real time.

4. Automated Risk Scoring.
Each grouping of events is assigned a risk factor. Groupings with a high likelihood of danger are prioritized to the top of our analysts' queue for immediate review.

What we detect

Red Canary detects a wide variety of threats to your organization, including:

  • 0-day threats
  • Crimeware
  • Multi-stage attacks
  • APTs
  • Obfuscated executables
  • Lateral movement
  • Insider threats
  • Abnormal user behaviour


The intelligence and tooling you need to respond to a threat within 90 seconds.

Process Visualization.

Red Canary delivers an unmatched ability to instantly understand the root cause of every event on an endpoint with its process tree visualization. Incident response takes a fraction of the time it used to.

Actionable Detections.

Our intuitive detections categorize threats and show how we detected them and which endpoints are affected. Every detection includes a timeline that weaves together indicators of compromise with relevant endpoint activities so you understand the threat and how to respond.

Automated Response from Anywhere.

Responding to threats with Red Canary is simple: isolate the endpoint, craft a response plan, and execute using point-and-click tooling. As long as your employees are connected to the Internet, you can remotely respond to a threat regardless of where they are located.

Human Expertise

The experience, management and continuous involvement demanded by advanced security.

Dedicated SOC.

Red Canary threat analysts review every suspicious event — often thousands per day — to confirm actual threats, remove false positives, and collect the intel needed for the first steps of incident response.

No Alert Fatigue.

Our false positive rate is well below 1% – you’ll likely get only one every year. You can be confident that every detection you receive from Red Canary is reliable and requires your attention.

Fully Managed.

Red Canary requires no on-premises hardware, no additional software licenses, and no maintenance or updates. We manage everything needed to power your service – you simply deploy the sensor.
