The mission
Operating in the retail trade sector, this retailer had always followed industry-specific best practices for data governance. By defining how data is gathered, stored, and used, their model also provided them a foundation on which to improve their data security and privacy policies, particularly at the endpoint and network layers.
However, following an incident a few years back, their IT operations manager understood the need to go beyond compliance in order to better protect their IT environment. With the understanding that traditional antivirus (AV) was insufficient and their managed service provider (MSP) couldn’t perform the detection, response, and remediation services they needed, the retailer started looking for a new solution.
The challenge
“We can have all the tools in the world, but there needs to be someone that understands how to use, maintain, and govern them.”
—IT Operations Manager
After the incident, the retailer brought in an incident response vendor to help them get back on their feet. In the process, they rolled out new endpoint security software. However, like many companies their size, they couldn’t justify the cost of a full-time security operations center (SOC). Additionally, they didn’t have anyone in house who could dedicate the time and resources needed to understand the telemetry coming from this new EDR tool, let alone investigate alerts and respond to threats.
Understanding the need to be nimble in the face of cyber attacks, the retailer sought a solution that could provide hands-on-keyboard response in the event of an incident that wouldn’t overstretch their budget or require them to staff a SOC team around the clock.
The solution
“We’re a small team, but we still have a very real need. To be able to entrust our cybersecurity to somebody and know that there are procedures in place in the event of an incident is extremely important. Today, we think of Red Canary more as an extension of our department rather than just a vendor.”
Red Canary came recommended by the retailer’s incident response provider. They were immediately drawn to Active Remediation, Red Canary’s hands-on-keyboard remediation support service, citing one major reason: its autonomy. As their IT operations manager explained, they liked the peace of mind that came with a primarily “act first, contact later” mentality, as well as the ability to set rules for specific situations where a “contact first, act later” approach was more appropriate.
After officially signing on with Red Canary, their IT operations manager noted, “The onboarding process was seamless, and configuring the rules for Active Remediation was just as easy.”
The outcome
“Thanks to Active Remediation, what would have been a fire drill for my team was wrapped up nicely in a bow before I even knew it. All I had to do was review the report.”
—IT Operations Manager
Since deploying Red Canary, the retailer has already seen several benefits from Active Remediation. One particular high note came after Red Canary detected a threat mid-2022.
Their IT operations manager admitted that, without Red Canary, containing and remediating the threat would not have been an easy task: it could have taken a couple of days for their team, who were already operating at 100 percent capacity. At that time, the team was also working on a high-level project. Pausing it and reallocating resources even for a short amount of time would’ve put the entire project in jeopardy and potentially cost the company hundreds of thousands of dollars. Instead, thanks to Active Remediation, they went from detection to containment and remediation within one hour.
“By the time Red Canary followed the procedure of quarantine, remediate, and notify, I was already looking over the notes,” their IT operations manager recalled. “To know that something happened and that someone technical had eyes on it immediately, did their due diligence, went through our playbook, took care of the threat, and then told us about it, there’s a huge amount of value there.”
Beyond hands-on-keyboard response, other benefits of Red Canary MDR the retailer called out include:
- The user-friendly portal, which puts key information front and center.
- Morning snapshots and threat intelligence reports that communicate what’s happening in the cyber world in an easily digestible manner.
- A single-pane-of-glass view that pulls in raw telemetry from their EDR tool and makes it easier to understand activity on any given endpoint.
A proactive approach to cybersecurity
“As an IT manager, I want to know what’s going on, but I also need to know that it’s being handled. With Red Canary, I have the confidence that I didn’t have before.”
—IT Operations Manager
For this retailer, the incident a few years back served as a wake-up call. But thanks to Red Canary and Active Remediation, their IT operations team can finally sleep at night knowing their environment is being monitored 24/7/365 by experts—the same experts who can remotely take hands-on-keyboard action to remediate threats on their endpoints in the event of another incident. With the time and resources they save, their IT operations manager can now stay focused on big strategic initiatives that deliver maximum impact.