Atomic Red Team Training Session

Detonate, Detect, Analyze: the Applied Research Team Answers Audience Questions

Casey Smith, Michael Haag

We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members … Read More

Atomic Red Team Chain Reactions

Testing Detection and Prevention Tools With Atomic Red Team “Chain Reactions”

Casey Smith, Michael Haag

The very nature of Atomic Red Team is to allow for customization of different testing units to determine coverage, prevention, or detection within your environment. Chain reactions are a concept we developed to enable security teams to combine multiple MITRE ATT&CK™ techniques and execute them simultaneously. You can use these free-form methods to either build a sequence of events or … Read More

Red Canary and CrowdStrike

Red Canary and CrowdStrike: Birds Join Forces

Chris Rothe

We are very excited about our new partnership with CrowdStrike®. Red Canary can now provide our industry-leading hunting and response using Falcon’s Endpoint Detection and Response (EDR) data. We have a very simple goal at Red Canary: to make companies’ security better. From day one, we started with that single goal and asked what we could do to make the … Read More

Mapping Detectors to MITRE ATT&CK

Red Canary ATT&CKs (Part 3): Mapping Our Detectors to ATT&CK Techniques

Kyle Rainey

As discussed in Part 1 of this series, we decided that using the MITRE ATT&CK framework would give us a common language to describe adversary tactics and techniques. This would help us to effectively share information amongst our internal teams, our customers, and the community at large. In this post, we will walk through the process of mapping our 800+ … Read More

Red Canary Product

Red Canary ATT&CKs (Part 2): Designing ATT&CK Interfaces in Red Canary

Chris Rothe

This is the second part of a series on why and how Red Canary chose MITRE’s ATT&CK framework as our common language for adversary tactics and techniques. This post describes the design and interface tradeoffs our engineering team considered, lessons learned, and key takeaways that security teams can use when applying ATT&CK to their security programs. When Red Canary’s security … Read More

Red Canary and MITRE ATT&CK

Red Canary ATT&CKs (Part 1): Why We’re Using ATT&CK Across Red Canary

Keith McCammon, Chief Security Officer

Information security is grounded in risk management. And, because what gets measured gets managed, we rely on a variety of frameworks and key performance indicators to tell us whether we’re moving in the right direction. Frameworks like those provided by the National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) allow us to measure … Read More

Atomic Red Team Testing

Atomic Red Team Tests: Catching the Dragon by the Tail

Casey Smith, Michael Haag

Before testing your security controls, it’s extremely beneficial to understand the threat actors your organization may be facing. Nick Carr at FireEye published an excellent post a while back on how an actual adversary operates. We strongly encourage you to check it out for a solid understanding of the capabilities and behaviors exhibited by a group of attackers. We decided to … Read More