Product updates
Joren McReynolds

A new approach to Cloud Workload Protection

Red Canary Cloud Workload Protection helps businesses of any size, industry, or sophistication discover and protect endpoints.

We have heard loud and clear from our customers and the market that there is an opportunity for someone to invest in advancing the state of the art when it comes to cloud Linux adversary tactics and techniques, and how to detect and defend against them, as we explored in my last couple of blogs here and here.

We are proud to announce Red Canary Cloud Workload Protection, a product built solely for cloud Linux workloads, focusing on the unique constraints and desires that DevOps, engineering, and security teams demand, ranging from performance and safety to meaningful threat detection outcomes that are powered by Linux-first features.

Why Red Canary

Red Canary has earned the trust of being a security ally for organizations ranging from SMBs to Fortune 500 businesses. We are a leader in Managed Detection and Response (MDR), with years of experience in ingesting, standardizing, and analyzing endpoint and workload telemetry to deliver high-fidelity threats to our customers.

In the past decade, we have scaled our technology, people, and expertise to uniquely position us to be able to deliver against cloud workload protection outcomes. Our company DNA is rooted in finding threats others aren’t, minimizing false positives and delivering amazing customer support to our customers pre- and post-sales. Our infrastructure has been “cloud native” since day one.

From a business perspective, this isn’t an experiment or a science project. Red Canary Cloud Workload Protection is supported by a dedicated organization of engineers, analysts, researchers, customer support team, and more. You’ll feel and experience this through unique product features like rootkit identification and fileless attack detection, in addition to first-class service features like real-time support in Slack.

Why Red Canary Cloud Workload Protection

Red Canary Cloud Workload Protection is dedicated to cloud workloads. As a result, we have the time, resources, and flexibility needed to make Linux-first decisions, which has resulted in our unique set of features, ranging from transparent sensor performance reporting to threat detection capabilities that move well past basic bitcoin miners.

A brief overview of the value we bring and how we’re different is highlighted below.

A subscription for any business: Whether you’re looking for a forever-free product that helps you collect detailed telemetry for compliance or DIY threat analysis, a paid product that delivers you high-fidelity threat alerts, or a fully managed service that ensures your team only receives confirmed, detailed detections, we have you covered.

Safety and performance: Our lightweight sensor operates entirely in userland, avoiding kernel modules, hooking, or code injection—implementations that can lead to system instability, kernel panics, and system crashes. Additionally, we provide transparent sensor performance reporting in customer portals, giving customers and their stakeholders the confidence they need when deploying to business-critical systems.

First-class telemetry and detection capabilities: Our telemetry collection and threat detection capabilities—including behavioral detection, rootkit identification, fileless malware detection, and more—exceed existing industry standards, giving customers the confidence that if there is a threat, we will find it.

Support for your entire environment: We support a wide range of Linux distributions, versions, and kernels, as well as the latest container and container orchestration technologies, including Kubernetes and Docker. This gives customers visibility and detection outcomes for ephemeral or long-lived workloads, meeting customers where they are, not the other way around.

Next generation support: Customers receive real-time support from Red Canary via Slack, communicating in the same way they work with their colleagues.

We have been protecting some of the largest cloud-powered businesses for nearly a year now, and we are proud to make this technology available to everyone.


A steady hand throughout security sea changes


Respond and remediate faster with Red Canary’s new Splunk Phantom integration


Automatically block IPs and domains with Red Canary + Microsoft


Introducing Red Canary CWP Shell Activities

Subscribe to our blog