Business snapshot
As the #1 connected workforce solution in manufacturing, QAD Redzone enables frontline teams to contribute their full potential, elevating the frontline with new technology to achieve company goals around productivity and throughput. Today, hundreds of thousands of frontline workers are valued, celebrated, and working with purpose; creating stronger communities inside and outside their plants. With customers both big and small, QAD Redzone is helping more than 1,000 plants worldwide achieve remarkable productivity gains in just 90 days.
The mission
Prior to QAD Inc.’s acquisition of Redzone in February 2023, Redzone had gone through a couple different security programs. When Head of Security Operations Efrain Orsini Jr. came on board in 2021, the company was using an MSSP provider that proposed a solution regarded as a “be-all and end-all” type of aggregator. However, he found the platform to be more of a beta product rather than a fully developed, comprehensive solution.
Efrain and his team came to the conclusion that they needed a security solution that was less of an aggregator. No longer was having one product for cloud and endpoints enough—they knew they needed two separate products that each offered best-of-breed solutions in their space. An EDR for endpoint and a tool to monitor cloud security and configurations fit the bill. Next, they needed to find a solution that could provide 24×7 monitoring, investigation, and remediation of threats detected by these tools.
The Challenge
Efrain and his team conducted research on a handful of managed detection and response (MDR) providers. As a small team, they were looking for a solution that integrated with their existing security tools, provided around-the-clock coverage, and helped reduce alert fatigue.
During the research phase, they reviewed some of the biggest players in the game. Most MDR vendors were quickly knocked out of the running, because they would have required QAD Redzone to start from scratch in regards to endpoint protection. As Efrain recalls, the other MDR vendors didn’t offer any transfer of licenses. Instead, they were a complete “rip and replace” type product, which Efrain was certain they did not want. Keeping their current endpoint protection solution was nonnegotiable. Fortunately, Red Canary already had an integration with that solution.
The Solution
“As we got deeper into the RFP process, Red Canary not only supported our decision to avoid ripping and replacing, but also facilitated the transfer of licenses, which no one else told us they could do, including our current provider.”
EFRAIN ORSINI JR.
HEAD OF SECURITY OPERATIONS, QAD REDZONE
Efrain and his team first heard about Red Canary through Atomic Red Team, Red Canary’s open source library of tests that security teams can use to simulate adversarial activity in their environments. However, it was through the request for proposal (RFP) process that QAD Redzone discovered that Red Canary checked off everything on their list and more.
“Ease of implementation was huge. Being able to transfer a license from one portal to another seamlessly without inconveniencing our users, that was a big reason why we chose Red Canary,” remarked Senior Security Analyst Jason Peak.
In addition to helping with the transfer of licenses, Efrain pointed to a few additional reasons why they ultimately chose to partner with Red Canary. “It was the 24×7 support that Red Canary gave. It was that additional threat piece where we could import impossible travel alerts, access logs, and other things from Microsoft 365. We could import logs from other systems like FortiGate. All those different pieces made Red Canary like a SIEM, even though it’s not. And we really liked the threat management piece, which we knew would help our small team out a lot.”
Red Canary’s correlation of signals from across a customer’s IT environment is powered by AWS. Amazon S3, Amazon SQS, Amazon EKS, and several other AWS services provide the foundation for Red Canary’s MDR service.
The outcome
“Being able to see everything from a single pane of glass is something we didn’t expect and is a major benefit, especially knowing that we were going to use multiple products in our security program. At the outset, we had accepted that we were probably going to spend lots of time jumping between multiple tabs, but Red Canary helped defeat that, which is a huge time saver. I couldn’t tell you how much time we save on that alone.”
EFRAIN ORSINI JR.
HEAD OF SECURITY OPERATIONS, QAD REDZONE
QAD Redzone originally used Red Canary for what Efrain referred to as the “bone basic thought process.” Their initial goal was to import all of their EDR telemetry and use Red Canary’s single-pane-of-glass view to see the threats that required next steps before navigating to SentinelOne to investigate.
“We’ve now honed it in where we use Red Canary for probably 90 percent of the workload when it comes to our endpoints and even some of our identity management,” Efrain explained. “Red Canary shows us who it is, what the product is, and what the issue is, and we make a decision from there. We also have automatic playbooks that will trigger response actions, such as locking down a workstation for crypto mining, malware, or any other potential threat. Other playbooks will fire off a Slack alert, because we want them to be approved before they automatically run.”
When talking about Red Canary playbooks, Efrain brought up one incident that was particularly memorable. It was a Friday. An executive was in the process of replacing his laptop when Red Canary detected a potentially malicious file. At the time, the security team at QAD Redzone had a playbook and a trigger set up that allowed Red Canary to lock down a workstation when a malicious file was detected—but only once approved by their team. At first, they weren’t quite sure what the error was, and despite reaching out to the executive team, they were unable to establish contact. Despite feeling a bit uncomfortable with shutting down an executive’s machine at first, they ultimately decided to execute the playbook.
“When we emailed the executive to explain why we took the action we did, it turned out that he was not only okay with it, but actually impressed that we were able to find the potential threat so fast and take care of it, helping keep the company safe. With our previous solution, that would not have happened. We wouldn’t have seen it, and we wouldn’t have been able to act on it so quickly.”
EFRAIN ORSINI JR.
HEAD OF SECURITY OPERATIONS, QAD REDZONE
What lies ahead
“I know right now if we need something, someone answers the phone, which is extremely valuable. And then on top of that, with every ticket that Red Canary indicates is not a threat, it saves us countless hours of traveling down a rabbit hole that’s going to be a false positive. It makes us more attuned to the things that are not false positives, too, so when we get that scary email or that scary Slack notification, we know it’s already been checked by a Red Canary analyst and we need to be more vigilant with it.”
EFRAIN ORSINI JR.
HEAD OF SECURITY OPERATIONS, QAD REDZONE
Efrain’s main goal for this year is to reduce alert fatigue and ensure alerts are more meaningful. That’s one of the reasons he’s so excited for Red Canary’s integrations with other tools. “Red Canary has reduced our fatigue with a lot of other alerts,” Efrain avowed. “We’re hopeful that you can help us do that with our future solutions as well.”