Building a SOC

Security Operations Lessons: What My Team Learned Building and Maturing a SOC

Scott Worden, Security Engineer

Building and maturing a Security Operations Center (SOC) is different for every organization. In this guest post, a security engineer at an insurance company in the Midwest shares what he learned as part of a three-person security team charged with implementing a SOC. The following views are his own and not those of his organization or team. Someone once said … Read More

Driving Efficacy Through Detector Tuning: a Deeper Dive Into Detection Engineering

Keshia LeVan

In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until … Read More

Red Canary Detector Development

Behind the Scenes with Red Canary’s Detection Engineering Team

Kyle Rainey

At Red Canary, we are huge believers in sharing methodologies of how and why we do things. It provides opportunities for others to learn and pushes the community forward. Today we are excited to pull back the curtains on Red Canary’s detection engineering team. Our team’s mission is simple: hunt and find threats. Rather than analyzing and triaging alerts like … Read More

Common SIEM Issues

Why a SIEM Won’t Solve All Your Problems: 5 Common Issues and How to Avoid Them

Justin Henderson

Today’s organizations suffer from a gap in detection capabilities. Research such as the Mandiant M-Trends report shows that the median time to detect an adversary is 99 days. Even if you interpret this with a grain of salt, there’s no doubt that the ability to catch an adversary is far from where it should be. Many organizations look to implement … Read More

Security Architect Lessons

Security Architect Lessons: What I Learned Managing and Assessing Cyber Risk at a Fortune 200

Michael Haag

I worked as the security leader of a global Fortune 200 organization for two years, where I was responsible for cyber security strategy, architecture, and risk reduction during an extended phase of rapid growth and acquisition. I focused on ensuring we had visibility across the most vital layers while working with each entity to mature their security posture and address … Read More

Red Canary at RSA

Join Red Canary at RSA for Real Security Conversations With Real Security People

Suzanne Moore

If you’ve been to RSA, you know the expo hall can be full of flashy product pushes. Join Red Canary at RSA Booth #2225 for real security conversations with real security people. We’ll have a combination of founders, security operations, researchers, technical account managers, and customer success managers on-site. (And of course, everyone’s favorite: free t-shirts and stickers.) Are you … Read More

Lateral Movement and Cryptomining

Tried-and-True Tactics: How an Adversary Mixed Lateral Movement and Cryptomining

Tony Lambert

Cryptomining continues to be a hot topic as the values of cryptocurrencies fluctuate, and adversaries use mining as an easy way to make money without needing escalated privileges. In my last detection post, I wrote about mining as the objective of exploitation against Oracle WebLogic systems. In this detection, we’ll look at how one adversary supplemented operations with a little … Read More