1. You’ve gotten to know us and how we can work together
Now you get a new case—an inbound request for incident response, proactive assessment, or offensive work. Initiate an engagement in your own portal as soon as you have a signed client agreement.
2. The engagement kicks off
You can kick off a 45-day engagement with us at any time. We enable visibility through Endpoint Detection and Response (EDR) products in 4 hours or less. Your request will build a new or attach an existing instance of VMware Carbon Black Cloud, CrowdStrike Falcon, Microsoft Defender for Endpoints, or SentinelOne to the Red Canary platform.
3. We simplify deployment
You’ll work with your clients to deploy agents, and we’ll provide enablement material, guidance, and a dedicated technical account manager to make sure your engagement goes off without a hitch.
4. We monitor and improve your response
Once your EDR is deployed, our dedicated analyst team will monitor and report on all activity observed on a 24×7 basis. We’ll work with you to set up automated playbooks to collect data or take actions on endpoints, even when your team is offline overnight.
5. You get ongoing support and insights
Have a question on findings? Looking to coordinate investigative efforts? Wondering what to expect next with this threat actor? No problem. Our analysts and assigned technical account teams are available to discuss all operational efforts through Slack. Divide and conquer is the name of the game.
6. Support your clients beyond the incident
At the end of your engagement, you can refer or co-deliver Red Canary MDR to your client as a long-term security monitoring solution.