MDR FOR ENDPOINTS

Red Canary MDR for CrowdStrike Endpoint Protection

Add an ally. Strengthen your defenses.

You don’t need time, expertise, or an army of security hires to build a 24/7 detection and response capability—you simply need Red Canary.

As CrowdStrike specialists, we ensure you get immediate return on your product investments, along with the added peace of mind of knowing an industry-respected detection and response team is watching your environment at all times.

  - 10x your detection coverage
  - 24/7 detection and response
  - 1/1000 fewer false positives

The integration is simple:

  1. Falcon ships all of the endpoint telemetry it collects to Red Canary.
  2. Red Canary standardizes the telemetry into its internal format.
  3. The Red Canary Engine analyzes the data and surfaces potential threats.
  4. Red Canary analysts investigate and confirm threats and publish full-context detections to customers.

Red Canary also connects to the Falcon Streaming API to get a feed of threats surfaced by CrowdStrike’s detection capabilities, including Falcon OverWatch. Red Canary’s analysts confirm and consolidate these threats as well.
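The four-step flow described above, as an added toy example written for this page (it is not Red Canary's or CrowdStrike's code). The raw event and alert shapes, the internal schema, the single behavioral analytic and the consolidation logic are all assumptions; the sample telemetry is constructed. The point it shows is that the vendor alert feed and the engine's own finding about the same process are merged into one detection rather than surfaced twice.

```python
"""Toy model of the telemetry pipeline: ship -> standardize -> analyze -> consolidate.

Constructed example. Field names are loosely modelled on Falcon naming but are
assumptions here, as is the internal schema; nothing below is the real format.
"""
from collections import defaultdict

# Constructed raw endpoint telemetry (hypothetical Falcon-like shape).
RAW_TELEMETRY = [
    {"event_simpleName": "ProcessRollup2", "aid": "host-01", "TargetProcessId": "100",
     "ParentBaseFileName": "explorer.exe", "ImageFileName": "WINWORD.EXE",
     "CommandLine": "WINWORD.EXE report.docx"},
    {"event_simpleName": "ProcessRollup2", "aid": "host-01", "TargetProcessId": "101",
     "ParentBaseFileName": "WINWORD.EXE", "ImageFileName": "powershell.exe",
     "CommandLine": "powershell.exe -enc <base64-placeholder>"},
    {"event_simpleName": "ProcessRollup2", "aid": "host-02", "TargetProcessId": "200",
     "ParentBaseFileName": "services.exe", "ImageFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    # A non-process event that the process analytic must ignore.
    {"event_simpleName": "DnsRequest", "aid": "host-02", "DomainName": "example.invalid"},
]

# Constructed alert from the hypothetical vendor streaming feed, about the same process.
RAW_STREAM_ALERTS = [
    {"aid": "host-01", "TargetProcessId": "101",
     "Tactic": "Execution", "Technique": "PowerShell", "Severity": "High"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def normalize_process_event(raw):
    """Step 2: map vendor fields onto one internal schema (assumed schema)."""
    return {
        "host": raw["aid"],
        "pid": raw["TargetProcessId"],
        "parent": raw["ParentBaseFileName"].lower(),
        "image": raw["ImageFileName"].lower(),
        "cmdline": raw["CommandLine"],
    }


def analytic_office_spawns_script_host(event):
    """Step 3: one behavioral analytic over a normalized event; returns a finding or None."""
    if event["parent"] in OFFICE_APPS and event["image"] in SCRIPT_HOSTS:
        return {"host": event["host"], "pid": event["pid"],
                "analytic": "office_app_spawns_script_host",
                "evidence": event["cmdline"]}
    return None


def consolidate(findings, stream_alerts):
    """Step 4 (the consolidation part): group engine findings and vendor alerts
    that concern the same (host, pid) into a single detection record."""
    by_key = defaultdict(lambda: {"analytics": [], "vendor_alerts": [], "evidence": []})
    for f in findings:
        rec = by_key[(f["host"], f["pid"])]
        rec["analytics"].append(f["analytic"])
        rec["evidence"].append(f["evidence"])
    for a in stream_alerts:
        rec = by_key[(a["aid"], a["TargetProcessId"])]
        rec["vendor_alerts"].append(f'{a["Tactic"]}/{a["Technique"]}')
    return dict(by_key)


def run_pipeline(raw_telemetry=RAW_TELEMETRY, stream_alerts=RAW_STREAM_ALERTS):
    """Run all steps and return {(host, pid): detection_record}."""
    events = [normalize_process_event(r) for r in raw_telemetry
              if r.get("event_simpleName") == "ProcessRollup2"]
    findings = [f for f in map(analytic_office_spawns_script_host, events) if f]
    return consolidate(findings, stream_alerts)


if __name__ == "__main__":
    for (host, pid), record in run_pipeline().items():
        print(f"{host} pid={pid}: {record}")
```

With the constructed input, the benign `explorer.exe -> WINWORD.EXE` and `services.exe -> svchost.exe` events produce nothing, and the one suspicious process yields a single record that carries both the engine's analytic name and the vendor's tactic/technique label, which is the "confirm and consolidate" step an analyst would then review.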

Customers seeking preventative technology can choose to take advantage of CrowdStrike’s endpoint protection offering while Red Canary works behind the scenes to hunt for and investigate advanced attacker behaviors, techniques, and tools.

Turnkey detection and response

Red Canary helps you deploy, configure, and update policies for CrowdStrike sensors. We ingest your product alerts and analyze your endpoint telemetry using our cloud-based detection engine composed of thousands of behavioral analytic use cases.

Hunt adversaries and evolve detection

Red Canary researches new attacker behavior and continually combs your environment. We maintain industry-leading detection coverage by updating our library of behavioral analytic use cases hundreds of times per week in response to new attacker behavior.

Offload investigations and add automation

We perform full investigations using our proprietary security operations platform and only alert you to confirmed threats. A detailed threat report is posted in your Red Canary portal where you can customize automated response actions and playbooks.

Managed Response for CrowdStrike

Our response engineers can perform managed or active remediation and containment within your environment.

Expand and evolve detection coverage

Our industry veterans perform ongoing threat research and analyze intelligence to ensure your coverage for attacker behaviors evolves with new information. No watchlist maintenance required.

Red Canary observes 85% of MITRE ATT&CK® techniques and counting. Plus, we make sure you can count on our detection logic by continually running 12,000+ unique tests.

Add efficiency by eliminating false positives

Stop wasting time chasing bad leads. Red Canary only alerts you to detailed, confirmed threats—with fewer than 1/1000 false positives—so you can stay focused on strategic security projects.

Reduce mean time to respond with automation

Set up custom, automated response actions to safely contain ransomware, tackle tedious unwanted software tasks, and stop threats in your sleep.

Seamlessly integrate into existing workflows

Red Canary integrates with the tools and workflows you already have in place. You can access detailed threat data for use in ticketing systems, SIEMs, Slack, SMS, and more.

Access security advice & incident response support

Your incident handler is here for on-demand IR support and ongoing security advice. Get proactive guidance on how to mature your security strategy.

Measure and strengthen security

Red Canary shows you where you’re covered and gives you advice on how to improve. We’ll help you track how your security program is trending and how it compares to similar organizations.