In annual revenue
- Thousands of endpoints and limited security resources meant alerts were going unchecked
- New CISO needed to prove the value of the company’s detection stack and security operations program
- Red Canary provides automated responses and notifications, seamlessly integrating with their existing workflows
- 24x7x365 threat hunting, detection, and response identified and investigated 400 incidents, decreasing the likelihood and cost of breaches
As one of the largest accounting and advisory firms in the United States, this global firm and their 30,000+ employees provide accounting and advisory services to connect clients and their respective businesses with specialized professionals. To support their growth strategy, they lean on a team of four highly skilled security professionals to keep their environment secure, and in turn, protect the personal and financial information of their clients.
A customer of Red Canary since 2018, this accounting firm and their security team had experienced the level and expertise of Red Canary detections firsthand. At the beginning of the partnership, the team sought Red Canary’s help to support them through some security incidents and secure their environment for the future. But as the business grew, personnel changed, and the need to build out their security portfolio became even more evident with every additional merger and/or acquisition.
Starting out, this accounting firm’s security team only covered around 500 endpoints due to budget constraints. Over time, they expanded to support 8,000 endpoints. But despite the growth in endpoints, the security team stayed the same size. That meant each member of the team was responsible for monitoring 2,000 endpoints. As a consequence, they didn’t have time to do their own threat hunting or to respond to all the alerts flooding in.
To complicate matters more, when a new chief information security officer (CISO) came aboard in 2020, he needed to quickly prove the value of the company’s detection stack and security operations program. The security team at the time understood that they could only do so much with the resources they’d been given—Red Canary was critical to protecting the company from breaches.
From the beginning of the partnership, Red Canary averaged 10 to 15 new detections every month in the accounting firm’s environment. By the end of 2022, Red Canary helped publish and work through over 400 detections. That meant their security team experienced 400 incidents that they fortunately didn’t have to investigate alone.
One particular incident came to mind when looking to prove the value of Red Canary MDR. During the evening hours of Christmas Day, a Red Canary detection engineer saw an anomaly in several documents running on one of their endpoints. After digging in, he realized that a running script was claiming to be QuickBooks®. However, that script was using a netconn API. In collaboration with the security team at the accounting firm, Red Canary was able to build out a detection for this behavior in their environment, as well as in the environments of other Red Canary customers.
“Red Canary’s detection capabilities allow us to sleep better at night, as well as free up my team to focus on other projects.”
CHIEF INFORMATION SECURITY OFFICER
GLOBAL ACCOUNTING FIRM
The Christmas Day incident really drove home the value of Red Canary MDR for this global accounting firm. Even though no one from their company was behind their computer, digging through the telemetry and alerts in their environment, Red Canary and our team of expert detection engineers were on the keys, helping their stretched team investigate and thwart the threat in their environment.
The new CISO and his team continue to realize the value of Red Canary and are champions for Red Canary MDR. As the accounting firm continues to expand globally, they acknowledge that Red Canary is what makes their growth sustainable and secure.