Every Red Canary detector is defined in code and continuously exercised by unit tests so you have confidence it works when it needs to.
Mapped to ATT&CK
Red Canary detectors are mapped to MITRE ATT&CK™ techniques so you can quickly understand the additional detection coverage Red Canary brings to your program.
We identify a broad range of adversary activities. We are obsessed with identifying the part of an attack that is hardest for an adversary to change: their behaviors.
Our threat research and detection development teams have invested years in mapping and identifying adversarial techniques. You can activate that coverage in hours.
Easily prove detection
Open source Atomic Red Team tests make it simple for every security team to quickly measure their coverage against evolving threats and prove ongoing effectiveness.
Broad coverage begins with deep visibility
Every attacker performs various behaviors in order to breach an organization and accomplish their objectives. Red Canary hunts through massive amounts of data to identify hundreds of different patterns of behaviors used by adversaries, such as:
We ingest all endpoint processes and identify behavioral patterns that are representative of suspicious or malicious activity. This includes potential insider actions and attackers who are “living off the land” using native tools to hide their intentions.
Unlike most black-box security solutions, Red Canary gives you complete visibility into the detectors we use and the threats they detect. We care as much about improving your understanding of adversary behavior as we do about detecting it in your organization.