We are excited to officially announce Red Canary’s integration with Microsoft and bring exceptional security operations to teams that use Microsoft’s security products. The first integration—which has been live with select customers for nearly a year and is now globally available—supercharges the Microsoft Defender ATP endpoint protection platform with Red Canary’s Managed Detection & Response offering.
Thanks to our tight partnership with the M365 Security & Compliance product team, Microsoft Defender ATP customers can now receive Red Canary's proven detection coverage and elimination of false positives. Even better, onboarding to the Red Canary service takes minutes. The Microsoft engineering teams have done great work to enable security operations providers like Red Canary to process the complete Microsoft Defender ATP telemetry stream, not just the alerts.
From day one, Red Canary has been driven by finding what makes the biggest difference to security teams. We found their biggest worry was not only whether they’d be able to detect a successful attack, but how long it would take for them to find it and recover. Most security products and services are focused on “before” an attack. We set out to deliver a solution that materially improves the “after” — identifying, investigating, and remediating successful attacks.
Microsoft Defender ATP's industry-leading EPP and EDR capabilities are expanding beyond just Windows. As Microsoft continues executing on their vision to unify security under Microsoft Threat Protection, Red Canary will continue to be a core part of our customers' security operations. After working with several customers over the past year to ensure we could deliver the Red Canary standard of quality, we are excited to publicly announce this support.
What customers are saying
Terence Jackson, CISO at Thycotic and Microsoft Defender ATP user, describes what it’s like working with Red Canary:
I have a small team that has to protect a pretty large footprint. I know the importance of detecting, preventing and stopping problems at the entry point, which is typically the endpoint. We have our corporate users but then we also have SaaS customers we have to protect. Currently my team tackles both, so for me it’s about having a trusted partner that can take the day-to-day hunting/triage/elimination of false positives and only provide actionable alerts/intel, which frees my team up to do other critical stuff.
How does it work?
The integration is simple and designed to activate security operations for Microsoft Defender ATP customers within minutes:
- Microsoft Defender ATP streams the endpoint telemetry it collects to Red Canary.
- Red Canary also pulls every alert Microsoft Defender ATP generates, then standardizes both the telemetry and the alerts into our internal format.
- The Red Canary Engine analyzes the data and surfaces potential threats.
- Red Canary detection engineers investigate and confirm threats and publish full-context detections to the customer.