Celebrating Red Canary’s Best Security Blogs of 2017

Suzanne Moore


2017 was a big year for the Red Canary blog! We wrote dozens of articles and added a roster of outstanding contributors—ranging from security analysts, threat researchers, technical account managers, and incident responders to C-level security experts both inside and outside of Red Canary.

A few articles really caught the attention of the security community in 2017, so we wanted to highlight them again to wrap up the year. Enjoy!



How to Use Windows API Knowledge to Be a Better Defender

By Ben Downing, Security Analyst


The Windows API is a large, complex topic with decades of development history and design behind it. Although it is far too vast to cover in a single article, even a cursory knowledge is enough to improve event analysis and basic malware analysis skills. Understanding how Windows works can help defenders to better understand and defend against threats, know where attackers might be hiding, and identify improvements to limit attackers’ abilities.

This Windows technical deep dive provides an overview of what the Windows API is, how and why executables use the API, and how to apply that knowledge to improve defenses.

Read Now >>


3 Practical Ways for Lean Security Teams to Boost Their Defenses

By Casey Smith, Director of Applied Research

We often use the warfare analogy when talking about cyber security. It is a model that works well to articulate the landscape and the posture organizations need to take when thinking about securing their environments. As Michael Hayden famously said: “You are in the fight, whether you thought you were or not.” While you don’t get to choose the time and place the attacker may show up, you certainly can choose how you prepare and train for the fight.

This article walks through 3 practical steps to help prepare organizations to face modern threats with constrained resources.

Read Now >>


Red Canary Introduces Atomic Red Team, a New Testing Framework for Defenders

By Casey Smith, Director of Applied Research, and Michael Haag, Director of Advanced Threat Detection & Research

Many security teams lack the internal resources or expertise to simulate a specific adversary tactic or technique. That’s why Red Canary’s Applied Research Team created Atomic Red Team, an open-source testing framework that enables defenders to test their detections against a broad spectrum of attacks. The framework consists of small, highly portable detection tests mapped to the MITRE ATT&CK Framework. Each test is designed to map back to a particular tactic.

This article walks through how to use the Atomic Red Team framework and includes a short “how-to” video.

Read Now >>


How to Prevent Ransomware: 5 Practical Techniques and Countermeasures

By Michael Haag, Director of Advanced Threat Detection & Research

Security professionals often ask: “What is the best product to prevent ransomware?” But there is no single product that solves all the problems. Your strategy to defend against ransomware needs to go beyond the standard backups and “up-to-date” anti-virus definitions. A defense-in-depth, holistic security program is required to prevent ransomware and, more importantly, to detect it.

Whether you have dealt with ransomware or are preparing for it, this article provides helpful guidance by sharing practical techniques and technical controls that you can use to detect and prevent ransomware.

Read Now >>


Threat Hunting Is Not a Magical Unicorn

By Joe Moles, Director of Detection Operations

Threat hunting, like most market buzz terms, started with a concept or an idea, and then got overused and misused by every vendor, blogger, and Twitter account with an opinion. This has led to a lot of confusion for security teams that want to build a threat hunting capability. So what is threat hunting and how do you do it? This article breaks through the myths and shares a systematic approach.

Read Now >>


Using Alternate Data Streams to Bypass User Account Controls

By Keshia LeVan, Security Analyst

There are some pretty cool PowerShell frameworks out there, which means it’s relatively common to see PowerShell doing nefarious things. This post walks through several common methods that attackers use, including a relatively novel way to bypass UAC in order to elevate commands to run with administrative privileges via Wscript and a file written to an ADS, illustrated using data derived from the Carbon Black Response Endpoint Detection and Response (EDR) platform.

Read Now >>


Are You Using Tabletop Simulations to Improve Your Information Security Program?

By Kyle Rainey, Security Analyst

Tabletop simulations provide a great vehicle for organizational awareness and training for inevitable security incidents. They allow a team to come together in a low-stress environment and assess their procedures and plans. Yet for most organizations, these exercises are conducted once a year as a compliance requirement or to spend unused retainer hours from an incident response services provider. So how do we better design and deliver a simulation that drives our security program toward a state of continuous improvement?

Read Now >>


Looking Ahead to 2018: A Note From the Editor

As Red Canary grows, so does our roster of contributors. This is a truly unique quality. Our analysts, researchers, technical account managers, and security strategists have a variety of backgrounds and skillsets. They come from all parts of the country. But they share one common mission: make security better for organizations of all sizes.

Looking back at the articles we published this year reminded me of the quote: “The whole is greater than the sum of its parts.” Individually, our writers represent some of the industry’s best and brightest minds. Together, we are a team of experts with the potential to truly make security better.

The Red Canary blog will continue to bring security professionals new ideas, hands-on techniques, and educational resources for improving their security programs. Here’s to another year of great security—and great blogs!

Have an idea for a blog post? Want to join our team of contributors? We’re always on the lookout for new talent and ideas. Pitch your ideas to: marketing@redcanary.com.