May 4, 2020 Product updates
Cordell BaanHofman

Red Canary launches new MDR offering powered by Microsoft Defender ATP

Microsoft Defender ATP customers can now receive Red Canary’s proven detection coverage and eliminate false positives.

We are excited to officially announce Red Canary’s integration with Microsoft and bring exceptional security operations to teams that use Microsoft’s security products. The first integration—which has been live with select customers for nearly a year and is now globally available—supercharges the Microsoft Defender ATP endpoint protection platform with Red Canary’s Managed Detection & Response offering.

Thanks to our tight partnership with the M365 Security & Compliance product team, Microsoft Defender ATP customers can now receive Red Canary’s proven detection coverage and elimination of false positives. Even better, onboarding to the Red Canary service takes minutes. The Microsoft engineering teams have done great work to enable advanced security operations like Red Canary to process the complete Microsoft Defender ATP telemetry.

From day one, Red Canary has been driven by finding what makes the biggest difference to security teams. We found their biggest worry was not only whether they’d be able to detect a successful attack, but how long it would take for them to find it and recover. Most security products and services are focused on “before” an attack. We set out to deliver a solution that materially improves the “after” — identifying, investigating, and remediating successful attacks.

Microsoft Defender ATP’s industry-leading EPP and EDR capabilities are expanding beyond just Windows. As Microsoft continues executing on their vision to unify security under Microsoft Threat Protection, Red Canary will continue being a valuable core of those companies’ security operations. After working with several customers over the past year to ensure we could deliver the Red Canary standard of quality, we are excited to publicly announce this support.

What customers are saying

Terence Jackson, CISO at Thycotic and Microsoft Defender ATP user, describes what it’s like working with Red Canary:

I have a small team that has to protect a pretty large footprint. I know the importance of detecting, preventing and stopping problems at the entry point, which is typically the endpoint. We have our corporate users but then we also have SaaS customers we have to protect. Currently my team tackles both, so for me it’s about having a trusted partner that can take the day-to-day hunting/triage/elimination of false positives and only provide actionable alerts/intel, which frees my team up to do other critical stuff.

How does it work?

The integration is simple and designed to activate security operations for Microsoft Defender ATP customers within minutes:

  1. Microsoft Defender ATP streams cyber telemetry it collects to Red Canary.
  2. After pulling all of the alerts from Microsoft Defender ATP, Red Canary standardizes the telemetry and alerts into our internal format.
  3. The Red Canary Engine analyzes the data and surfaces potential threats.
  4. Red Canary detection engineers investigate and confirm threats and publish full-context detections to the customer.

 

Red Canary launches new MDR offering powered by Microsoft Defender ATP (formerly known as Windows Defender ATP)

Customers seeking preventative technology can use Microsoft Defender ATP’s antivirus, while Microsoft Defender ATP’s EDR capabilities provide Red Canary the telemetry needed to continuously hunt for and investigate advanced attacker behaviors, techniques, and tools.

Getting started

Whether you’ve been using Microsoft Defender ATP since its preview releases or are just getting started, Red Canary is your ally in defending your organization. We provide the fastest way to enhance your detection coverage and eliminate false positives so you know exactly when and where to respond.

Contact us at redcanary.com/microsoft-mtp or sales-mtp@redcanary.com to see a demo and learn more.

Subscribe to our blog