Closing Critical Gaps in the Defense Industrial Base

Every organization has gaps in its security posture. There is simply too much surface area and too few resources for organizations to perfectly cover all the gaps. Given enough time, attackers will find and exploit these gaps. Below is a high-level case study of one such incident that occurred a year ago at a mid-sized United States defense contractor. […]

Detecting Targeted Crimeware Within 30 Minutes of Activating Red Canary

There is no limit to the creativity attackers will use when masking their activity. We observed a great example of this immediately after beginning a 14-day evaluation with a B2C services company. Like most of our customers, this company needed an endpoint visibility, detection and response solution to augment their existing security efforts and further […]

What Red Canary Detects: Spotlight on Process Injection

Red Canary’s threat detection leverages the five event types collected by Carbon Black’s endpoint monitoring platform: file modifications, registry modifications, network connections, process tree information, and binary collection. These data points are streamed into our proprietary Threat Detection Engine, which was purpose-built to perform automated binary, behavioral, and threat intelligence analysis to find anomalous […]

Detecting CVE-2015-1130 on Mac OS X Endpoints

Security researcher Emil Kvarnhammar released details related to his discovery of the latest vulnerability in Mac OS X – CVE-2015-1130 – on his blog today. The vulnerability exists in Apple’s Admin.framework and allows unprivileged users to elevate their privileges to root on any vulnerable system. Mac OS X versions 10.7 through 10.10.2 inclusive are vulnerable […]

Visibility Becomes Paramount As Endpoints and MSSPs Heat Up

This is a guest post contributed by Benjamin Johnson, Chief Security Strategist, Bit9 + Carbon Black. The endpoint security space is hot right now. The managed security provider space is also hot right now. So it only makes sense that managed endpoint security, in one form or another, is the place to be. You cannot […]