We are proud to announce that we’ve added support for forensics package collection, human approvals, and more features to our automation product, Exec.
Threats can occur at any time of the day. They don’t care if you’re sleeping, if it’s the weekend, if you’re on vacation, or if you’re short-staffed. For many security teams, it’s a struggle to meet the time sensitivity requirements of containing and remediating threats. What happens when a threat hits your network at 3 a.m.? How do you enforce …
We are very excited to announce that Endgame and Red Canary have partnered to integrate Endgame’s endpoint telemetry into the Red Canary platform. Our teams have worked together for years on research, mapping adversary techniques to ATT&CK™, and most recently on designing Endgame’s streaming APIs for this integration. Endgame now supports the collection of not only process-level telemetry, but a …
In recent posts, we’ve gone behind the scenes with our detection engineering team to explain how we use detectors to improve the quality and efficiency of our threat detection operations. In this post, we’ll cover the creation of a detector: from the idea’s conception, to research and testing, to the moment it “comes to life” and is delivered into production. …
In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until …
At Red Canary, we are huge believers in sharing methodologies of how and why we do things. It provides opportunities for others to learn and pushes the community forward. Today we are excited to pull back the curtains on Red Canary’s detection engineering team. Our team’s mission is simple: hunt and find threats. Rather than analyzing and triaging alerts like …
How do you know your security solutions are tuned and ready to face actual adversaries? Are you testing new or existing products to provide assurances for detections? If you’re like many teams, you may lack the internal resources or expertise to simulate a specific adversary tactic or technique. That is why we recently created Atomic Red Team, a testing framework …