When a private investment firm needed to enhance visibility and threat detection across laptops, it rolled out an endpoint threat detection service through its existing MSSP. However, the firm’s director of technology (we’ll call him Jonathan) quickly discovered that the solution did not live up to his expectations. Threats often lingered in the network for days or weeks at a time, leaving endpoints vulnerable.
Jonathan explained, “I was excited to get access to advanced endpoint detection without having to build up my team to manage it internally. Instead, we saw that this specific offering from our MSSP was not effective. We would get notifications days or weeks after an incident. It became obvious that they didn’t know how to work with endpoint data.”
BUSINESS SNAPSHOT
$40B in assets under management
300 endpoints
50+ highly mobile users
Finding deep EDR expertise
Jonathan was convinced that Carbon Black Response was the best EDR sensor due to its depth of visibility into endpoint activity and robust forensics capabilities. Now he needed to find a partner that deeply understood endpoint data and would quickly and accurately detect threats.
“That’s when I engaged with Red Canary. A lot of what we discussed during the evaluation proved they were the right choice. For example, they have the same lineage as Carbon Black Response and were Carbon Black’s first technology and managed service partner. After an in-depth Proof of Concept, Red Canary was able to check all the boxes.”
Key results
The firm saw immediate improvements in detection efficiency and response time.
Reduction in MTTR
Whereas it previously took days or weeks to detect a threat, Red Canary enabled the team to control the situation within minutes to hours, regardless of the endpoint’s global location.
Triage & analysis
Instead of leaving triage to the firm’s security team, Red Canary’s Cyber Incident Response Team (CIRT) performs full investigations of every potential threat, saving valuable time analyzing false positives.
Improved coverage
Red Canary analyzes endpoint telemetry using multiple techniques and technologies designed to maximize coverage against MITRE ATT&CK. The result is broader detection coverage that does not rely on the presence of easily changed indicators or behaviors.
Threat notifications
Red Canary breaks down vital information like behavior observations, user/endpoint info, and detailed threat progression timelines so a threat is fully understood before making a response decision.
Gaining deep expertise
One of the biggest benefits Jonathan saw was peace of mind, knowing he had reliable assistance from an advanced security team. While MSSPs typically offer limited technical support staffed by junior IT analysts and engineers, Red Canary’s dedicated threat hunters and detection engineers have deep expertise in security engineering, analysis, and incident response. And while MSSPs manage dozens of products and services, Red Canary’s custom-built solution means laser focus.