One of the longest-standing problems facing security teams is managing alerts. The foundation of Red Canary, and of our Managed Detection & Response (MDR) offering, is the endpoint telemetry that we collect from our partners’ Endpoint Detection and Response (EDR) platforms. This data, and the features provided by leading endpoint-based platforms, are uniquely suited to enabling deep threat detection, thorough investigation, and effective, automated response.
Despite our focus on the endpoint, however, we have always identified first as an ally to the security teams that we serve. Data sources and technology are thoughtfully considered, but they are a means to an end: Our ultimate mission is to solve the problems that matter the most to our customers.
Security teams spend untold amounts of time and money on technology and services aimed at collecting, triaging, and attempting to validate the potential threats surfaced by alerts. They buy a SIEM or log aggregation platform to collect and correlate alerts. They buy a SOAR platform to automate portions of their investigative and response process. And in most cases, teams still need an MSSP or co-managed SIEM provider to manage all of this technology and infrastructure, triage tens or hundreds of thousands of alerts, and help to control the chaos.
Learning through discovery
Over the years, we at Red Canary have done a lot of discovery. We’ve been able to learn from our interactions with customers, our incident response partners, and, of course, our incident handling team who work on the front lines with customers each and every day. Through this journey, we were able to identify a handful of recurring themes and a consistent set of problems that security teams set out to solve.
Security teams need:
- A standardized way to collect and correlate alerts, so that everything is in one place and it’s easy to spot commonalities and trends
- Clear prioritization of alerts, to identify which alerts to investigate first
- Tuning capabilities, to quickly and accurately dispose of false positives
- Automation, to enable swift action on high-confidence or high-impact alerts
- Expert help investigating the alerts that matter the most
When we’re not mired in the rat’s nest of technology and services that are typically required to address all of these challenges, it becomes easier to understand the purpose: Find the alert that matters, faster.
A single view of alerts
With Red Canary Alert Center, we’re excited to deliver a solution that makes this possible, and in a manner that is simple, comprehensive, and effective:
- Our fully cloud-based solution requires no on-premises installation and can accept data via standard transports such as email, syslog, webhooks, or third-party APIs. Scaling and interoperability are Red Canary’s problems, not yours.
- Alert Center correlates alerts with endpoints and identities first, then prioritizes based on risk so that it’s clear which security alerts are most important.
- Slash through false positives by identifying attributes that you want to use to safely suppress a given alert in the future, and let our platform take it from there.
- Use our powerful automation features to notify team members, take containment actions via live response, capture forensic data, or leverage your cloud-based identity provider’s security features to protect against a compromised user.
- Get expert assistance from our Cyber Incident Response Team (CIRT), which investigates high-severity alerts that correlate with monitored endpoints. Your dedicated Incident Handling team is always standing by to assist with investigations of alerts, or with anything else that your security team needs.
We’re pleased to offer this service using the same fair and transparent endpoint-based pricing and licensing model that we’ve always used. We believe that charging based on things like the number of products used, the number of events generated, or the volume of data produced creates a disincentive that runs counter to improving security outcomes.
Alert Center pricing is based on the number of endpoints that we monitor, and nothing else. This means that your costs are known in advance, whether you’re sending us hundreds of alerts from one or two products, or tens of thousands of alerts from a dozen products. Ship it all; we’ll sort it out.
We’ve been delivering Alert Center to many Red Canary customers via our Early Access program and are excited to now open up these new alert management capabilities to the world.