My name is Robert Williams. I have been working for Microchip Technology for the last 29 years and I’m currently their chief security officer, and that’s how I was introduced to Red Canary. We were a company doing lots of acquisitions. We had replaced McAfee years before we acquired a company that hadn’t replaced McAfee. And then we got a knock on the door from various agencies saying that we might be leaking data.
So when we learned of the breach, we engaged in our attorneys. We were able to successfully shut down over a three day weekend and implement all of our containment procedures and be back online by that Tuesday. The Red Canary activities brought to light a lot of stuff in our environment that previously we’d been kind of blissfully ignorant.
It’s one of those scenarios where they talk about flipping on the lights in a warehouse and watching all the cockroaches and rats scramble as the lights come on. So we’ve continued to retain the Kroll/Red Canary team to this day, and it’s been very successful and not burning out our security staff. You get a lot of telemetry. You can act on that.
You can write bots to to clean up things and and and that has been very helpful in getting our environment down to a minimal number of what we would call high level threats. I can say with fairly high confidence that we have not had further incursions within our network. When you read articles about ransomware and things like that hitting other companies, it’s usually the threat actors have established presence and then have taken some time to do to develop their attack techniques. And with the Red Canary alerts in combination with both Kroll as well as our internal resources, we’re able to knock that stuff out before they even establish any level of presence on the PCs.
Microchip’s foundation is based on a book called the Aggregate System, and Continuous Improvement is is part of that aggregate system and Red Canary seems to have that same type of philosophy “that what works is still not good enough.” And “how can we make the product better for both the analysts as well as the CSO” who might be using the product or in between to get value for that. So you can do a lot of of cleaning up to the environments, but but it’s hard to say are you making progress or not making progress?
And so some of those reports the Red Canary has for the CSO are invaluable for for conveying that message that yes, we are making progress in getting things done and making the environment safe for our manufacturing of semiconductors. You know, in 2019, the idea of having a response team that can handle things within minutes seemed unreal. But we now have that between Red Canary and not having to make a substantial investment in a team within my organization, it is something that it’s added value for us, but it is… I don’t know if it’s less expensive than cyber insurance, but these days you pretty much can’t even get cyber insurance. So having teams of experts available, if you do have a problem is is is important.