Red Canary Exec: Security Automation and Orchestration Tools

Introducing Red Canary Exec, a New Security Automation Solution

Joren McReynolds

Threats can occur at any time of the day. They don’t care if you’re sleeping, if it’s the weekend, if you’re on vacation, or if you’re short-staffed. For many security teams, it’s a struggle to meet the time sensitivity requirements of containing and remediating threats. What happens when a threat hits your network at 3 a.m.? How do you enforce … Read More

Red Canary and Endgame

Red Canary and Endgame Announce Partnership

Keith McCammon, Chief Security Officer

We are very excited to announce that Endgame and Red Canary have partnered to integrate Endgame’s endpoint telemetry into the Red Canary platform. Our teams have worked together for years on research, mapping adversary techniques to ATT&CK™, and most recently on designing Endgame’s streaming APIs for this integration. Endgame now supports the collection of not only process-level telemetry, but a … Read More

detection capability

Breathing Life into Detection Capability: the Creation of Detector #1236

Tony Lambert

In recent posts, we’ve gone behind the scenes with our detection engineering team to explain how we use detectors to improve the quality and efficiency of our threat detection operations. In this post, we’ll cover the creation of a detector: from the idea’s conception, to research and testing, to the moment it “comes to life” and is delivered into production. … Read More

Driving Efficacy Through Detector Tuning: a Deeper Dive Into Detection Engineering

Keshia LeVan

In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until … Read More

Red Canary Detector Development

Behind the Scenes with Red Canary’s Detection Engineering Team

Kyle Rainey

At Red Canary, we are huge believers in sharing methodologies of how and why we do things. It provides opportunities for others to learn and pushes the community forward. Today we are excited to pull back the curtains on Red Canary’s detection engineering team. Our team’s mission is simple: hunt and find threats. Rather than analyzing and triaging alerts like … Read More

Atomic Red Team Testing

Red Canary Introduces Atomic Red Team, a New Testing Framework for Defenders

Casey Smith

How do you know your security solutions are tuned and ready to face actual adversaries? Are you testing new or existing products to provide assurances for detections? If you’re like many teams, you may lack the internal resources or expertise to simulate a specific adversary tactic or technique. That is why we recently created Atomic Red Team, a testing framework … Read More

How to Quickly Automate a Response Playbook With Carbon Black

Keith McCammon, Chief Security Officer

Outwardly, Red Canary appears to focus heavily on the “Detection” in Endpoint Detection and Response. Much of what we share addresses the need to understand the platforms that we defend, and techniques that can be applied to detect threats to those platforms in a manner that lends to both accuracy and scale. But this is not to say that we … Read More