Passive DNS Monitoring – Why It’s Important for Your IR Team

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) […]

Respond to an Endpoint Threat in 90 Seconds

At Red Canary, we’re always looking to simplify our customers’ security operations. Responding to the confirmed threats you receive from Red Canary is simple: isolate the endpoint, craft a response plan, and execute. Ready? Start the clock. Your Red Canary detections include the buttons: “Isolate Endpoint” and “Respond.” Isolating the endpoint disables all network communication […]

Medical Records are an Attractive Data Theft Target

While news about data breaches is growing disturbingly common, coverage is often focused on financial data – especially credit cards. An event with direct impact to a large group of victims makes for a popular news topic, of course. However, another major theft is gaining attention as well. Personal data – notably medical records – has become […]

Visibility Becomes Paramount As Endpoints and MSSPs Heat Up

This is a guest post contributed by Benjamin Johnson, Chief Security Strategist, Bit9 + Carbon Black. The endpoint security space is hot right now. The managed security provider space is also hot right now. So it only makes sense that managed endpoint security, in one form or another, is the place to be. You cannot […]

Rapid Detection – CVE-2014-4114, “Sandworm”

This week, iSight Partners and Microsoft announced CVE-2014-4114 – “Sandworm”. While Microsoft has released a patch, exploit activity has already been identified in the wild. Red Canary customers will be pleased to know that within 24 hours of the CVE-2014-4114/Sandworm vulnerability’s announcement, we were successfully detecting the threat on their systems. Our team quickly identified the endpoint observations […]

Slandering Andre Maginot

FireEye recently came out with a new report: Cybersecurity’s Maginot Line. It is an excellent report that documents findings from over 1,600 FireEye customers. Some key findings: Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture. More than a fourth of all organizations […]

Don’t let Brian Krebs be your IDS

If you are of a certain age – back when people got their visual electronic entertainment via broadcast TV – you remember watching a show called 60 Minutes. One of the most well-known TV journalists in the country at the time, Dan Rather, worked for 60 Minutes (among other duties at CBS), where he exposed […]

The Age of Perpetual Pwnage

Prior to creating Red Canary we used to do a lot of incident response work. Most of those customers were repeat customers both because they were ripe targets for attack and – not to humble-brag too much – we provided a great service at a very good price. We also left behind a great product […]

The Price of Caring About “Evidence”

In 2012 one of the offices in the government of the State of South Carolina suffered a digital breach. Reporting at the time estimated that the total cost of the breach was $14m, with incident response costs alone estimated at $500,000. The 2013 NetDiligence survey of data breach insurance payouts reports that of the 140 […]