Case StudiesManaged Detection and Response

Lean and mean security team gains 24/7 coverage, offloads stress

Learn how Red Canary helps the team gain 24/7 coverage and find the needle in the haystack.

Executive Summary:

  • 24/7 monitoring
  • “It’s like having a full-time on-call analyst”

A financial institution with over $100 billion under its management needed around-the-clock threat detection, but its small security team was under-resourced for on-call coverage and 24/7 endpoint monitoring. Just three analysts were charged with maintaining the company’s overall security posture, ensuring compliance and regulatory standards for frequent audits, keeping systems and hygiene up-to-date, and enabling 600 employees to do their jobs in a secure manner.

“We have more than 500 employees and our team is only three people, so we’re essentially always drowning in work,” said one of the security analysts. “Being in the financial sector definitely puts a target on your back. We have a lot of money to defend. You look at scenarios like nation-states hacking into the Bangladesh bank or the SWIFT hack, and you know they’re going after companies with access to funds.”


security analysts








The team was using a leading security SIEM provider, but it was only able to monitor logs. Running telemetry through their SIEM would not only have been extremely expensive but would have overwhelmed their appliance, so they also used an endpoint detection and response (EDR) product.

However, keeping up with monitoring the EDR product was too time-consuming for a team also tasked with supporting critical business projects. The infosec team was suffering from alert fatigue and keenly aware of after-hours gaps in coverage. They didn’t have an on-call system in place, which left them feeling vulnerable on weekends and late at night.

“We ran some pen tests in the past and weren’t really happy with the results,” said an analyst with the institution. “We knew it was worth investing in extra intel and expertise to make sure we caught everything and had a deeper understanding of what was happening in our environment.”

When the infosec team’s director decided to test out a managed service, Red Canary was at the top of the list. They saw the value proved out right away.

Getting started with Red Canary Managed Detection and Response (MDR) was fast and easy. The team
transitioned their portal to be hosted by Red Canary, then reinstalled the sensor. Configuration, testing, and enrolling took just a few days. “On a scale of one to ten in terms of difficulty, it was a one or two,” says one of their security analysts.

The team saw an immediate return on their investment, with benefits including time savings, stress relief, a greater sense of confidence, and a deeper awareness of what’s happening in their environment.

There has been a dramatic difference from relying on Red Canary MDR as opposed to trying to manage EDR in-house.

The team gained the 24/7 coverage they needed—without hiring more people or implementing an on-call schedule. They recalled one instance when Red Canary’s ability to fill the after-hours gap proved critical.

“It was a Friday evening around 7pm and I got a phone call from Red Canary that there was a possible hands-on-keyboard attack. The analyst personally reached out and we were able to quickly address it. Knowing that Red Canary has that kind of attention to detail and workflow shows us they really have our best interests at heart.”

In addition to time savings, the team gained highly focused expertise to enrich their existing capabilities. They were able to tap into Red Canary analysts with specific skill sets to complement their internal team of security generalists.

Last but not least, the team now has the information they need to be confident about what’s happening in their environment. Red Canary’s analysis of endpoint activity and potential threats helps the team understand the scale and severity of security alerts and confirm they’re not missing anything.

“We’re more aware of our environment because of what Red Canary enables us to see. One of the big things I really like is the section in the Red Canary portal that flags all Potentially Unwanted Programs (PUPs). For example, if someone plugs in a bit torrent application or tries to install it, we would be notified.”


When asked if they would recommend Red Canary to other teams like theirs, their senior security analyst gave a hearty endorsement.

“The level of expertise and the dedication to exceptional customer service really stand out. Red Canary stays on top of the telemetry and does a fantastic job finding the anomalies. This helps smaller teams like ours not have to worry about our environment as much because we can trust in the analysis that Red Canary does.”