Ask Partner Network Compromise: Operational Lessons on Software Supply Chain Risk

Joe Moles

On 5 November, Red Canary detected suspicious activity associated with Windows applications distributed by the Ask Partner Network (a.k.a. APN,, or simply Ask). Upon further inspection, we discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints. Ask is self-described as providing “solutions to help software developers acquire and monetize users.” … Read More

Security Weekly Talks to Brian Beyer, Red Canary CEO

Suzanne Moore

Paul Asadoorian of Security Weekly recently talked with Brian Beyer, Red Canary CEO, to learn about the company’s mission of bringing world-class threat detection and response to every business. Read the highlights below or watch the full 35-minute video. SW: Tell us about Red Canary. Brian: Myself and the co-founders, Keith McCammon and Chris Rothe, all had this idea while we … Read More

Improving Detection and Response: Can Thinking Backward Move Your Security Forward?

Chris Rothe

Recently I’ve been pondering a way of thinking about detection and response. In my mind it is called “Response-Enabled Detection” and it reminds me of the golf strategy of playing a hole backwards. Most of us amateur golfers stand on the tee box and try to pick a spot to hit the ball based on our current perspective. From there … Read More

Endpoint security vs network security

Endpoint Security vs Network Security: Where to Invest Your Budget

Phil Hagen

We frequently receive variations of one question in particular: If I can only invest in one kind of visibility solution, should it be a network or endpoint solution? As an endpoint-focused company you may expect we provide a neatly canned, knee-jerk response favoring our platform. However, the reality is never that simple. As you might expect, each of these platforms … Read More

Build vs. Buy: Not Mutually Exclusive

Keith McCammon, Chief Security Officer

The “build vs buy” debate in security technology has been argued so many times that there are few unique positions left to take. Builders prioritize flexibility and control, while buyers prioritize predictable performance, scale, cost, and results. The debate continues not because there are groundbreaking arguments in favor of one or the other. The build vs buy debate continues because … Read More

Help, I Need an MSSP! Five Guidelines to Evaluate MSSPs

Michael Haag

During the course of my career I’ve gone from working at a large Managed Security Service Provider (MSSP) to leading security for a Fortune 150. I’ve been on both sides of MSSP relationships and understand the challenges faced by both parties. If you’re reading this, chances are that you’re in the market for an MSSP and your immediate challenge is determining … Read More

Outsourcing Your Endpoint Security: Webinar Recap

Chris Rothe

Thank you once more to everyone who took the time to attend Cover Your Security Gaps with Outsourced Endpoint Detection & Response! We had fantastic attendance, and really great questions during the presentation. If you missed the webinar, or if you loved it so much that you’d like to watch it again, you can view it here. I thought I’d … Read More