By bringing the experts who customize and manage the software in-house, Red Canary is ensuring that the software is installed and managed by the people who know it best. That familiarity with the platform, as well as the human role in its execution, is where the benefit lies.
Any single device, such as a laptop, can perform upwards of 250,000 unique events in a single day. Each of those could be a clue that malicious activity is occurring, and each should be analyzed. An organization with 1,000 people could generate more than 250 million events, of which only a handful are interesting. To find the needle in the haystack, a thorough security company checks every single event through its system and ultimately relies on human expertise to determine if a threat is authentic.
Beyer says, “It is all about depth of visibility. If you are not tracking every event, your visibility is limited. Once you have complete visibility you need to utilize a breadth of detection technology so you know what you are looking at. The two go hand in hand, and we have found that combining human expertise into the equation has been the key.”