Prior to creating Red Canary we used to do a lot of incident response work. Most of those customers were repeat customers both because they were ripe targets for attack and – not to humble-brag too much – we provided a great service at a very good price. We also left behind a great product (Cb) which, we argued, would make subsequent IRs much cheaper and take less time.
We were right of course and the market has spoken in that regard.
But an interesting thing happened as we signed up customers: we WERE doing IRs faster and cheaper than anyone else…we were also doing A LOT MORE of them. Like, something new that needed attention every week. If the findings in the DBIR are correct, a good number of these incidents would have not been detected for months under normal circumstances.
We support large and small businesses that work in a range of industries. They all have varying levels of sophistication when it comes to computer security, but the one thing they all have in common is that they’re basically being attacked all the time and these attacks are usually successful. Think about that for a minute and imagine our customer base as a microcosm of the rest of the online world: everyone is owned all the time.
At this point you’re asking yourself, “how am I supposed to protect myself in such an environment?” and the answer is that you can’t. Your defenses will come up short at some point, which is why you need to make sure detection and remediation is as fast and easy as possible.
Related Articles
Translating our detection engine: A journey from JRuby to Go
Best practices for securing Azure Active Directory
Best practices for securing Azure Active Directory
Strengthen your Core with NIST’s updated cybersecurity framework