Seeking an Ally to Accelerate Incident Response

When an IT security leader struggled to find the in-house expertise he needed, Red Canary’s incident handling team made partnership an easy decision.

The security team at a global manufacturing firm was struggling to secure the company’s infrastructure and intellectual property (IP) against advanced internal and external threats.

The firm produced highly innovative products and constantly faced the threat of attackers attempting to steal its IP. The IT security leader (we’ll call him Henry) oversaw a team of four security practitioners who were new to the field. The team was responsible for managing security operations and controls, setting and enforcing policies, monitoring activity, and responding to threats.

Even though Henry had a solid team of four, he struggled to find the additional security experts needed to adequately defend his organization. The company was headquartered in a region with a shortage of cybersecurity professionals—even if Henry could locate the right expertise, his budget would not accommodate the high salary such roles typically command.

7,000+ endpoints

40+ locations

5 IT security team employees

Henry’s biggest priority was to improve his team’s ability to simplify and expedite incident response. Their existing IR solution continually missed threats and rarely provided sufficient information for a quick and accurate decision to be made. After receiving a recommendation to look at Red Canary, Henry ran a Proof of Concept (POC) with Red Canary and two competitors.

Several qualities led Henry to determine that Red Canary was the best partner. In addition to the thorough threat hunting and investigations performed by Red Canary, Henry was impressed by the quality and expertise of Red Canary’s incident handling team. Red Canary was the only solution to include access to dedicated security experts as a standard part of its core service.

Henry and Red Canary's incident handlers collaborate to solve problems.

Improving security outcomes

Henry regularly taps into Red Canary’s incident handling team to gain the expertise he needs to level up his security program. From strategic support and program development to tactical advice and actionable threat intelligence, Red Canary closely collaborates with Henry to improve his organization’s security.

Stopping internal threats

Late one Thursday, Henry sent Red Canary an urgent request for help. A recently terminated, high-level executive appeared to have exfiltrated data and Henry was searching for signs of suspicious behavior. A Red Canary incident handler was able to quickly scan the data repository and locate the information Henry needed.

Ensuring business continuity

After WannaCry hit, Henry needed to quickly deploy Red Canary across an additional 3,000 systems—several of which were highly sensitive production lines that could cause millions of dollars in losses if any downtime occurred. Henry and the Red Canary team worked together to ensure that all 3,000 agents were deployed flawlessly over three days, with no downtime.

Hands-on, expert training

Henry wanted to ensure that his team knew its selected Endpoint Detection and Response (EDR) product inside and out. A Red Canary incident handler spent several days on-site, digging into the intricacies of the tool and training the team from the perspective of a seasoned threat hunter.