
Take MDR beyond the endpoint with Red Canary Threat Investigation

Red Canary now investigates threats across your network, email, and identities

Seth Geftic

In response to increasing pressure to defend their environments, organizations have added more and more security tools to their stacks. This approach makes sense, as an expanded set of data sources will theoretically lead to greater visibility and a lower likelihood that an indicator of attack (IoA) will be missed.

However, this increase in visibility does not happen without tradeoffs. Most notably, it can lead to a significant increase in alert fatigue for analysts. Whether the tools exist in silos or are aggregated by a third party, they still often add a fair amount of noise. This means it takes analysts more time to find the most important signals—or worse, it means they will ignore the alerts altogether.

To address this issue, we’re introducing Red Canary Threat Investigation. In addition to ingesting raw endpoint data and telemetry, Threat Investigation allows Red Canary to process non-endpoint alerts from network, identity, and email tools. Red Canary analysts investigate the alerts sent from these data sources and determine which can be ignored and which need to be addressed right away.

Customers can rest easy knowing that they will not be overwhelmed by noisy alerts while still addressing the most critical threats to the business with the context they need, all in a single pane of glass.

 

Red Canary analysts investigate and prioritize alerts from network, identity, and email data sources.

The following non-endpoint integrations are available (as of February 2022):

  • Network: Fortinet FortiGate, Cisco Firepower, Palo Alto Networks PAN-OS, Darktrace Enterprise Immune System
  • Email: Microsoft Office 365 Security and Compliance, Proofpoint
  • Identity: Microsoft Azure Identity Protection, Microsoft Defender for Identity, Okta Workforce Identity

We will continue to add more integrations over time. New Red Canary MDR customers will receive the Threat Investigation capabilities at no additional cost.

Download the datasheet to learn more about how you can expand MDR beyond the endpoint with Red Canary Threat Investigation.

Want to see Red Canary in action? Schedule a demo to check out all our platform has to offer.

 
