Passive DNS Monitoring – Why It’s Important for Your IR Team

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) […]

What Red Canary Detects, Part I: Overview & Malicious Software

We want every detection that we produce to result in action. Actions are organization-specific and may include remediation, investigation, or simply a discussion related to configuration management. In this series we examine what Red Canary detects in the context of the classifications used to describe and group these threats for our customers. The primary purpose of […]