Red Canary is excited to announce new integrations and capabilities that broaden the scope of Red Canary MDR. We’ve deepened our integrations with the following leading security tools:
Okta Workforce Identity
Red Canary now applies proprietary detections to logs from Okta Workforce Identity, a tool that manages identities, enables multi-factor authentication, provides single sign-on capabilities, and more to help organizations secure access to their resources. The Red Canary detections uncover MFA fatigue attacks and will broaden our detection of other identity-focused threats using Okta. We already investigate alerts from Okta Workforce Identity, and customers can set up automated responses in the product via Red Canary. For example, you could set up an automated response so that any time Red Canary detects malicious software on a device, the associated Okta user is automatically suspended or required to reauthenticate and then added to an Okta group with access restrictions.
Cisco Umbrella
Red Canary now investigates alerts from Cisco Umbrella, a solution that provides secure access service edge (SASE) services to help organizations securely access the internet and cloud apps. Umbrella offers DNS security at its core with the ability to add secure web gateway, cloud-delivered firewall, cloud access security broker (CASB), threat intelligence, and other capabilities.
Palo Alto Networks Wildfire
Red Canary now investigates alerts from Palo Alto Networks Wildfire, a cloud-based sandbox service that detects and blocks previously unknown malware. Wildfire examines files and email links and determines if they are malicious. If they are malicious, Wildfire generates a signature for the behavior and makes the signature available globally for retrieval in real time. The product extends the capabilities of Palo Alto Networks’ next-generation firewalls, which Red Canary already integrates with.
Palo Alto Networks Threat Prevention
Red Canary now investigates alerts from Palo Alto Networks Threat Prevention, a tool that protects your network by detecting and blocking threats across all traffic, regardless of port or protocol. Threat Prevention automatically blocks known malware and vulnerability exploits and offers the ability, via policy, to selectively decrypt and inspect TLS/SSL traffic to strike a balance between security and performance.