As a response to increasing pressures to defend their environment, organizations have added more and more security tools to their stack. This approach makes sense, as gaining an expanded set of data sources will theoretically lead to greater visibility and a lower likelihood that an indicator of attack (IoA) will be missed.
However, this increase in visibility does not happen without tradeoffs. Most notably, it can lead to a significant increase in alert fatigue for analysts. Whether the tools exist in silos or are aggregated by a third party, they still often add a fair amount of noise. This means it takes analysts more time to find the most important signals—or worse, it means they will ignore the alerts altogether.
To address this issue, we’re introducing Red Canary Threat Investigation. In addition to ingesting raw endpoint data and telemetry, Threat Investigation allows Red Canary to process non-endpoint alerts from network, identity, and email tools. Alerts sent from these data sources are investigated by Red Canary analysts, who will then determine which can be ignored and which need to be addressed right away.
Customers can rest easy knowing that they will not be overwhelmed by noisy alerts while still addressing the most critical threats to the business with the context they need, all in a single pane of glass.
Red Canary analysts investigate and prioritize alerts from network, identity, and email data sources.
The following non-endpoint integrations are available (as of February 2022):
- Network: Fortinet FortiGate, Cisco Firepower, Palo Alto Networks PAN-OS, Darktrace Enterprise Immune System
- Email: Microsoft Office 365 Security and Compliance, Proofpoint
- Identity: Microsoft Azure Identity Protection, Microsoft Defender for Identity, Okta Workforce Identity
We will continue to add more integrations over time. New Red Canary MDR customers will receive the Threat Investigation capabilities at no additional cost.