
Replacing an MSSP’s Endpoint Threat Detection Service

Learn how Red Canary helped a private investment firm cut their mean time to respond (MTTR) from days to minutes.

When a private investment firm needed to enhance visibility and threat detection across laptops, it rolled out an endpoint threat detection service through its existing MSSP. However, the firm’s director of technology (we’ll call him Jonathan) quickly discovered that the solution did not live up to his expectations. Threats often lingered in the network for days or weeks at a time, leaving endpoints vulnerable.

Jonathan explained, “I was excited to get access to advanced endpoint detection without having to build up my team to manage it internally. Instead we saw that this specific offering from our MSSP was not effective. We would get notifications days or weeks after an incident. It became obvious that they didn’t know how to work with endpoint data.”

- $40B in assets under management
- 300 endpoints
- 50+ highly mobile users


Jonathan was convinced that Carbon Black Response was the best EDR sensor due to its depth of visibility into endpoint activity and robust forensics capabilities. Now he needed to find a partner that deeply understood endpoint data and would quickly and accurately detect threats.

“That’s when I engaged with Red Canary. A lot of what we discussed during the evaluation proved they were the right choice. For example, they have the same lineage as Carbon Black Response and were Carbon Black’s first technology and managed service partner. After an in-depth Proof of Concept, Red Canary was able to check all the boxes.”

The firm saw immediate improvements in detection efficiency and response time.

Reduction in MTTR

Whereas it previously took days or weeks to detect a threat, Red Canary enabled the team to control the situation within minutes to hours, regardless of the endpoint’s global location.

Triage & analysis

Instead of leaving triage to the firm’s security team, Red Canary’s Cyber Incident Response Team (CIRT) performs full investigations of every potential threat, saving valuable time analyzing false positives.

Improved coverage

Red Canary analyzes endpoint telemetry using multiple techniques and technologies designed to maximize coverage against MITRE ATT&CK. The result is broader detection coverage that does not rely on the presence of easily changed indicators or behaviors.

Threat notifications

Red Canary breaks down vital information such as observed behaviors, user and endpoint details, and a detailed timeline of the threat's progression, so a threat is fully understood before a response decision is made.


Gaining deep expertise

One of the biggest benefits Jonathan saw was peace of mind, knowing he had reliable assistance from an advanced security team. While MSSPs typically offer limited technical support staffed by junior IT analysts and engineers, Red Canary’s dedicated incident handlers and detection engineers have deep expertise in security engineering, analysis, and incident response. And while MSSPs manage dozens of products and services, Red Canary’s custom-built solution means laser focus.

Red Canary vs. MSSP: at-a-glance comparison