Microsoft Threat Protection Solutions

Supercharge Defender ATP

When you deploy Windows 10, Microsoft Defender ATP (MDATP) is a solid endpoint security solution built into your operating system.

Red Canary unlocks the telemetry from MDATP and investigates every MDATP alert.

→ 10x your detection coverage and waste no time with false positives.

By enabling Red Canary, you supercharge your MDATP deployment by adding a proven 24×7 security operations team who are masters at finding and stopping threats, and an automation platform to quickly remediate and get back to business.


Red Canary uses endpoint telemetry collected from Defender ATP. Endpoint telemetry is a continuous stream of everything that happens on a computer, including process starts, file modifications, network connections, and more. Red Canary ingests the unfiltered stream of telemetry and standardizes it into our internal format for use by the Red Canary platform.

Q: How does Red Canary differ from any other Defender ATP integration?

A: Unlike most managed detection and response (MDR) solutions and managed security service providers (MSSPs) that simply take in alerts from security products, perform basic investigation, and send them back to you, we are the only ones using raw telemetry that was designed in partnership with Microsoft.

Q: So you just look at the MDATP alerts?

A: No. Red Canary’s main source of data from your environment is the raw endpoint telemetry, which we use to perform our behavior-based detections. Those detections are continuously updated to keep pace with changes in attacker behavior.

Q: How complicated is it to implement Red Canary?

A: Simply add a data export (from your MDATP console) to start sending telemetry to our Event Hub. Within minutes we will begin ingesting, processing, and examining all your endpoint data.

Q: How does Red Canary get access to my Microsoft Defender ATP telemetry?

A: It is all configured from your side. Setting up a data export and allowing access to the MDATP APIs is completely controlled by you and your MDATP administrators.

Q: Is Red Canary 24/7?

A: Yes, our cyber incident response team (CIRT) monitors security events in your environment 24/7 and notifies your team when needed. For more detail on how this works, check out our post on Microsoft’s Security blog.

