Skip Navigation
Get a Demo
Resources Case Studies
Incident response

From breach to brilliance: Fortune 1000 manufacturer partners with Red Canary post-incursion to secure environment

Microchip Technology Inc. teamed up with Red Canary to reduce mean time to respond and augment its enterprise security with 24×7 support.

Microchip Technology Inc. is a leading provider of smart, connected, and secure embedded control solutions. Its easy-to-use development tools and comprehensive product portfolio enable customers to create optimal designs which reduce risk while lowering total system cost and time to market. The company solutions serve more than 125,000 customers across the industrial, automotive, consumer, aerospace and defense, communications, and computing markets.

Microchip faced a significant challenge when it became aware of potential data leaks following a series of acquisitions. Upon learning of the breach, the company subcontracted an IR firm to investigate the situation. That firm, in turn, brought in Red Canary to aid in identifying and mitigating the threats, so Microchip could get a better understanding of what was going on in their environment.

“Thanks to Red Canary, we haven’t had to fight the fires that other companies do, and it’s allowed us to focus on strategic business initiatives.”


From day one, Red Canary played a crucial role in helping Microchip respond to the cyber breach. Considering the urgency of the situation, the implementation process occurred quickly, and it involved inoculating connected devices with VMware Carbon Black EDR (fka Carbon Black Response).

As a publicly traded Fortune 1000 company, Microchip decided not to disconnect from the internet or shut down systems. Instead, they opted for a strategic containment approach that involved using Red Canary MDR to monitor the threat actors’ actions while simultaneously developing an elaborate containment program. Once executed, the containment measures proved effective, and the threat actors were neutralized.

Since 2019, Microchip has benefited from industry-leading threat monitoring and detection capabilities across their 30,000-plus endpoints by continuing to retain the Red Canary team. The partnership empowered Microchip’s internal team of over 200 infrastructure and security staff to act promptly and reduce the number of high-severity threats in their environment. As a result, Microchip achieved enhanced cybersecurity resilience without the need for substantial internal investments in their response team.

Empowering strategic cybersecurity

“With the implementation of Red Canary, our team is now freed up to focus on bigger-picture security initiatives, such as ensuring best practices for cyber hygiene. We no longer spend our days chasing down users engaging in risky behavior with their devices.”

Reducing mean time to respond

“Before Red Canary, the idea of having a response team capable of handling issues within minutes seemed far-fetched, but now we have that without requiring a substantial investment in building out an internal team.”

Reliable 24x7 support

“The commitment to meet with us on a weekly basis to work through the resolution of any issues is truly valuable. As a large organization, we try to handle many tasks internally, but Red Canary definitely helps us out and is very responsive to our questions and technical issues we run up against.”

Reporting on what matters

“From the very beginning, we’ve benefited from the high-level executive reports that Red Canary provides. I’m able to communicate what’s happening with our cybersecurity posture, progress toward our security goals, and results to my executive team, as well as to the audit committee within the board of directors.”

The journey that began as a response to a breach has evolved into a flourishing and enduring partnership between Microchip and Red Canary. By partnering with Red Canary, Microchip has not only strengthened their cyber defense but also unlocked more time for their internal team to focus on time-intensive tasks that benefit the entire enterprise.


My name is Robert Williams. I have been working for Microchip Technology for the last 29 years and I’m currently their chief security officer, and that’s how I was introduced to Red Canary. We were a company doing lots of acquisitions. We had replaced McAfee years before we acquired a company that hadn’t replaced McAfee. And then we got a knock on the door from various agencies saying that we might be leaking data.


So when we learned of the breach, we engaged in our attorneys. We were able to successfully shut down over a three day weekend and implement all of our containment procedures and be back online by that Tuesday. The Red Canary activities brought to light a lot of stuff in our environment that previously we’d been kind of blissfully ignorant.


It’s one of those scenarios where they talk about flipping on the lights in a warehouse and watching all the cockroaches and rats scramble as the lights come on. So we’ve continued to retain the Kroll/Red Canary team to this day, and it’s been very successful and not burning out our security staff. You get a lot of telemetry. You can act on that.


You can write bots to to clean up things and and and that has been very helpful in getting our environment down to a minimal number of what we would call high level threats. I can say with fairly high confidence that we have not had further incursions within our network. When you read articles about ransomware and things like that hitting other companies, it’s usually the threat actors have established presence and then have taken some time to do to develop their attack techniques. And with the Red Canary alerts in combination with both Kroll as well as our internal resources, we’re able to knock that stuff out before they even establish any level of presence on the PCs.


Microchip’s foundation is based on a book called the Aggregate System, and Continuous Improvement is is part of that aggregate system and Red Canary seems to have that same type of philosophy “that what works is still not good enough.” And “how can we make the product better for both the analysts as well as the CSO” who might be using the product or in between to get value for that. So you can do a lot of of cleaning up to the environments, but but it’s hard to say are you making progress or not making progress?


And so some of those reports the Red Canary has for the CSO are invaluable for for conveying that message that yes, we are making progress in getting things done and making the environment safe for our manufacturing of semiconductors. You know, in 2019, the idea of having a response team that can handle things within minutes seemed unreal. But we now have that between Red Canary and not having to make a substantial investment in a team within my organization, it is something that it’s added value for us, but it is… I don’t know if it’s less expensive than cyber insurance, but these days you pretty much can’t even get cyber insurance. So having teams of experts available, if you do have a problem is is is important.

Back to Top