Forrester, a leading analyst firm, recently named Red Canary and nine other managed detection and response (MDR) services providers to participate in their 2025 evaluation. After researching, analyzing, and scoring each provider against 21 criteria, they compiled their findings into a comprehensive report, The Forrester Wave™: Managed Detection And Response Services, Q1 2025. The goal? To give cybersecurity buyers a clear, unbiased comparison and help them choose the right MDR provider for their needs.
The results are in, and Red Canary has been recognized as a Leader!
We’re proud of this recognition and want to dive deeper into what the Forrester evaluation said about our current offering and strategy, and to offer our own take.
Why detection as code is critical for staying ahead of threats
“Red Canary predicted early on that it needed to couple strong threat intelligence with a detection-as-code detection-engineering philosophy to scale as an MDR provider.”
The detection-engineering philosophy described in the Forrester report is—and always has been—at the heart of our strategy. We believe traditional security approaches that rely solely on alert triage can leave gaps, especially in today’s high-tech world, where new challenges like cloud security and identity management demand a more proactive, software-driven approach. That’s where detection as code comes in.
Detection as code allows for faster, more precise threat detection by applying software engineering principles to security. It allows for continuous refinement of detection analytics, faster deployment, and the ability to scale with emerging threats. For you, this means more accurate threat detection, fewer false positives, and quicker response times.
At Red Canary, this strategy powers a detection engine backed by over 4,000 behavioral analytics, comprehensive threat intelligence, and a world-class team. This approach means we go beyond triaging alerts—we identify real threats that might otherwise slip through the cracks of your security tools. By focusing on detection engineering, we don’t just react to threats—we provide deeper context that helps you proactively understand and mitigate risks, leading to measurable outcomes, such as:
- 99.6% threat detection accuracy
- 10x reduction in mean time to respond (MTTR)
- 2-minute mean time to acknowledge (MTTA) for high-severity threats
But our strategy goes beyond just detection. We are relentless in our mission to improve security, not just for our customers, but for the entire community. Our weekly Office Hours offer an open forum to discuss trends in security operations, while free resources like Atomic Red Team™ and our highly anticipated annual Threat Detection Report equip you with the insights and tools needed to bolster your security posture.
What did customers have to say about Red Canary?
“Customers praise Red Canary’s responsiveness, pace of innovation, and platform flexibility.”
But don’t just take the Forrester evaluation’s word for it. Here are some recent reviews posted on G2:
- Unmatched detection: “When we ask about detection coverage for a current or emerging threat actor and their TTPs, they’re already on top of it.”
- 24×7 monitoring: “Red Canary allows our team to have 24/7 monitoring of alerts and threats without having to staff our team for after hours monitoring.”
- Expert-driven response: “Understanding, investigating and teaching our on-prem team is so valuable and has saved us several times and allowed us to shut down attacks as they begin to happen. Awesome team and reporting systems!”
- High-touch support: “The account team is very good and super helpful with any questions we have with the Red Canary tool or our EDR tool. They sometimes provide better support for our EDR tool than our EDR vendor.”
- Easy setup: “Red Canary is a breeze to set up! With help from the onboarding team, my team was able to configure our environment within a day. Immediately after setup, we could start monitoring through the pre-built integrations with most of our cybersecurity pain points.”
Strength in capabilities
We’ve long believed that security should be proactive, not reactive—and that requires more than just providing the D and R in MDR (although that remains critically important). It demands threat intelligence tailored to your environment, expertise that strengthens your team, and preparation that ensures you’re ready for what’s next.
As the Forrester report put it:
“Red Canary brings a deep pedigree in threat intelligence as part of its MDR offering and complements its services with automation, training, and tabletop exercises as well as a security data lake for customers.”
We believe the capabilities the Forrester evaluation described reflect how we put that belief into action, but we’d like to offer more context. Here’s how we make security more proactive for our customers:
- Intelligence built for your business: Security isn’t one-size-fits-all—threat intelligence shouldn’t be either. We tailor our intelligence to your specific environment, providing the insights you need to address your unique risks and challenges.
- Expert-driven response and support you can rely on: While automation plays a key role in response, human expertise is irreplaceable. Our team acts as an extension of yours, providing hands-on support when you need it most.
- Preparing your team for real-world threats: We don’t just detect threats, we help you prepare for them. Our Readiness Exercises, including realistic scenarios and expert-led tabletops, ensure you’re ready for anything.
- Making security data accessible and affordable: Struggling with SIEM complexity and budget constraints? Our Security Data Lake offers a flexible, cost-efficient solution for long-term security data storage and querying.
The Forrester report also had this to say about Red Canary’s MDR capabilities:
“Red Canary also stands out in endpoint, extended detection, managed response, and threat hunting with a service that is flexible, adaptable, and tuned to the needs of its customers, no matter how specialized or unique those requirements are.”
We understand that every organization is unique, and it’s our belief that customers deserve white-glove treatment and expertise—not just another tech product with staff augmentation. Our team is always available to provide guidance and support, ensuring expertise is within reach, no matter your size or needs.
Looking ahead
Our roadmap is built on a clear vision: bringing our industry-recognized capabilities in threat intelligence and detection engineering to cloud and identity. And we believe our investments in GenAI and agentic workflows, underpinned by over a decade of human-labeled training data, are already giving us a unique advantage.
The proof? Our Threat Detection Report shows we’re detecting and stopping more identity-based and cloud-native threats before they cause harm. The Forrester evaluation recognized us with the highest possible scores in the vision and innovation criteria, and we believe the value of our roadmap is not just something to look forward to—it’s already making an impact today.
Beyond technology, our strategy includes a strong focus on growing our partner ecosystem. This year, we’re working to expand our network of channel partners, as we know that stronger partnerships lead to even better security outcomes for our customers.
With ongoing investments and relentless focus on innovation, we’re not just keeping pace—we’re leapfrogging the competition and redefining what MDR can achieve.
Want a glimpse of what’s ahead? Join us for our next customer-only roadmap webinar.
In summary
“Red Canary stands out for customers looking for a provider with superior detection and response capabilities that remains flexible to the unique needs of their organization.”
We encourage you to read the full Forrester Wave™: MDR Services report, and see for yourself why Red Canary was acknowledged as a Leader.
Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.