Integrating Red Canary & Sumo Logic

Keith McCammon, Chief Security Officer

A key step in the Red Canary on-boarding process is understanding customers’ processes and tools so we can configure integrations that minimize the need for IT and security analysts to break workflow and access yet another system. When everything from our context-rich detections to raw endpoint telemetry is integrated with your existing systems, you get immediately useful context without needing to learn a new tool or workflow. We are going … Read More

Red Canary vs. PoshRAT

Red Canary vs. PoshRAT: Detection in the Absence of Malware

Keith McCammon, Chief Security Officer

Detecting malware isn’t easy, per se. However, in all but the most sophisticated* attacks, it comes down to detecting the introduction of something new into an environment. Most of the time this is trivial; some of the time it is subtle and challenging. In either case, it is orders of magnitude easier than detecting a malicious insider or an entrenched attacker, both of whom look similar … Read More

Applying the National Intelligence Process to Information Security

Cory Bowline

The “Intelligence” approach to information security is growing in popularity, but many are still struggling to define what this means to their own processes. Red Canary has drawn upon the time-tested and well-defined procedures followed by practitioners of secret intelligence – spies, satellites, drones, etc. – in order to explain how to build and manage an intelligence process that will … Read More

Closing Critical Gaps in the Defense Industrial Base

Cory Bowline

Every organization has gaps in its security posture. There is simply too much surface area and too few resources for organizations to perfectly cover all the gaps. Given enough time, attackers will find and exploit these gaps. Below is a high-level case study of one such incident that occurred a year ago at a mid-sized United States defense contractor. The contractor had appropriate perimeter … Read More

Detecting Targeted Crimeware Within 30 Minutes of Activating Red Canary

Keith McCammon, Chief Security Officer

There is no limit to the creativity attackers will use when masking their activity. We observed a great example of this immediately after beginning a 14-day evaluation with a B2C services company. Like most of our customers, this company needed an endpoint visibility, detection and response solution to augment its existing security efforts and further protect its PCI-scoped and PII data … Read More

Combing Through Endpoint Data to Detect Threats

Keith McCammon, Chief Security Officer

I’m always combing through detections that we produce in search of exemplars. My tendency is to look for unique malware, attack vectors, or lateral movement techniques. Today I encountered a detection that at a glance is far from novel—commodity crimeware delivered via email as a .scr (Windows screensaver) file—but is actually a terrific example of the power of endpoint telemetry … Read More
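The post above is excerpted and does not show its detection logic; the following is an added illustration (not Red Canary’s code or telemetry format) of the kind of check endpoint process telemetry makes possible for the case it describes: a .scr file delivered by email and executed. The event fields, the email-client and attachment-directory lists, and the sample events are all constructed assumptions. The example goes slightly beyond the excerpt by walking process lineage, so a .scr extracted by an archive tool that was itself opened from the mail client is still tied back to email.

```python
"""Added example: flag Windows screensaver (.scr) executables that were
spawned by, or descend from, an email client, or that run from an
attachment / temp / download directory.  Schema and paths are assumptions
for illustration, not any product's real telemetry format."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed, illustrative settings (not a product's configuration).
EMAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
ATTACHMENT_DIR_MARKERS = (
    "\\inetcache\\content.outlook\\",   # Outlook's attachment cache
    "\\appdata\\local\\temp\\",         # archive tools extract here
    "\\downloads\\",
)
MAX_ANCESTRY_DEPTH = 5  # how far up the parent chain to look


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str  # full path of the started process's image


def image_name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def is_screensaver(path: str) -> bool:
    # suffix is the last extension, so "invoice.pdf.scr" still matches
    return PureWindowsPath(path).suffix.lower() == ".scr"


def in_attachment_dir(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in ATTACHMENT_DIR_MARKERS)


def ancestor_names(ev: ProcessEvent, by_pid: dict, depth: int = MAX_ANCESTRY_DEPTH) -> list:
    """Image names of the parent, grandparent, ... up to `depth` levels."""
    names = []
    cur = by_pid.get(ev.ppid)
    while cur is not None and len(names) < depth:
        names.append(image_name(cur.image))
        cur = by_pid.get(cur.ppid)
    return names


def evaluate(ev: ProcessEvent, by_pid: dict) -> list:
    """Return the reasons this event is suspicious (empty list if none)."""
    if not is_screensaver(ev.image):
        return []
    reasons = []
    lineage = ancestor_names(ev, by_pid)
    if lineage and lineage[0] in EMAIL_CLIENTS:
        reasons.append("scr spawned directly by email client")
    elif any(name in EMAIL_CLIENTS for name in lineage):
        reasons.append("scr descends from email client via " + " <- ".join(lineage))
    if in_attachment_dir(ev.image):
        reasons.append("scr executed from attachment/temp/download path")
    return reasons


def detect(events: list) -> dict:
    """Map pid -> reasons for every flagged process-creation event."""
    by_pid = {ev.pid: ev for ev in events}
    flagged = {}
    for ev in events:
        reasons = evaluate(ev, by_pid)
        if reasons:
            flagged[ev.pid] = reasons
    return flagged


# Constructed sample telemetry (not real captured data).
SAMPLE_EVENTS = [
    ProcessEvent(1, 0, r"C:\Windows\explorer.exe"),
    ProcessEvent(100, 1, r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"),
    # attachment opened straight from the mail client
    ProcessEvent(200, 100, r"C:\Users\alice\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AB12CD34\invoice.pdf.scr"),
    # a legitimate system screensaver started by the shell
    ProcessEvent(300, 1, r"C:\Windows\System32\ssText3d.scr"),
    # user saved an attachment and double-clicked it from Downloads
    ProcessEvent(400, 1, r"C:\Users\alice\Downloads\photo.scr"),
    # zip attachment opened from Outlook, then the .scr launched from the archive tool
    ProcessEvent(500, 100, r"C:\Program Files\7-Zip\7zFM.exe"),
    ProcessEvent(600, 500, r"C:\Users\alice\AppData\Local\Temp\7zO4F2\statement.scr"),
]

if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_EVENTS).items():
        print(pid, reasons)
```

The lineage walk is what makes the rule hold up against the common "zip in email" delivery: the .scr's direct parent is the archive tool, not the mail client, so a parent-only check would miss it. The System32 screensaver is the control case and produces no hit.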

Defending Endpoints

You Don’t Have to be in the Fortune 500 to Successfully Defend Against Advanced Attacks

Brian Beyer

Defending your endpoints is complicated and expensive, which often leaves comprehensive endpoint security to the companies with the biggest security budgets. We’re not OK with that, because every organization is a target.

Defending your endpoints is complicated

For most organizations, a strong endpoint security posture requires the visibility to see activity across your organization, a way to prevent attacks, detection of … Read More