Red Team vs Red Canary: How Sparring with Customers Improves Security

Suzanne Moore

Testing the newest and most advanced techniques keeps our Cyber Incident Response Team (CIRT) on its A-game. The tougher, the better! Learn how a mature security team runs regular red team tests to validate Red Canary’s detection and response capabilities.

Atomic Friday: Live Community Discussions on Atomic Red Team

Introducing Atomic Friday: Live Discussions with the Atomic Red Team Community

Casey Smith, Michael Haag

We’re excited to launch a new extension of the Atomic Red Team project: Atomic Friday. Starting November 9, these live community discussions will be held regularly to talk about how security teams are using Atomic Red Team to improve detection and defense. Each session will focus on actionable ideas surrounding specific ATT&CK techniques.

Atomic Red Team

One Year of Atomic Red Team! Looking Back and Ahead

Casey Smith

It is crazy to think it’s been a year since we launched our Atomic Red Team project! In honor of the milestone, here’s a look back at some of our favorite memories, lessons learned, and a preview of what’s ahead.

Q&A from the “Automating Atomic Red Team” Webcast

Casey Smith, Michael Haag

There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off …

Introducing the Next Chapter of Atomic Red Team

Casey Smith, Michael Haag, Brian Beyer

It’s been nearly nine months since we launched Atomic Red Team and we’ve been blown away by the tremendous response from the community. It’s exciting to see so many teams testing their security controls and getting a better understanding of what they can and cannot detect. We initially created Atomic Red Team to help security teams (including our own) test …

Driving Efficacy Through Detector Tuning: a Deeper Dive Into Detection Engineering

Keshia LeVan

In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until …