Welcome to the 2022 Threat Detection Report

This in-depth look at the most prevalent ATT&CK® techniques is designed to help you and your team focus on what matters most.


Welcome to Red Canary’s 2022 Threat Detection Report. Based on in-depth analysis of more than 30,000 confirmed threats detected across our customers’ environments, this research arms security leaders and their teams with actionable insight into the threats we observe, techniques adversaries most commonly leverage, and trends that help you understand what is changing and why. This is our most expansive report to date, but our intention remains the same: The Threat Detection Report exists to help you understand and detect threats.

How to use the report:

  • Start perusing the most prevalent techniques, trends, and threats to see what we’ve observed in our customers’ environments.
  • Explore how to detect, mitigate, and simulate specific threats and techniques.
  • Talk with your team about how the ideas, recommendations, and priorities map to your security controls and your overall strategy.
Trends

Red Canary’s security operations team performs three primary activities:

  • Our Intelligence team seeks to identify and understand distinct threats.
  • Our Detection Enablement and Detection Engineering teams seek to understand these threats and engineer solutions that reliably detect them and enable timely investigation.
  • Our Incident Handling team is charged with responding to threats before they harm customers.

In each of these areas, we’ve identified trends that help us understand how threats are evolving and how we as defenders must evolve in kind. From the continued scourge of ransomware to high-impact vulnerabilities and supply chain attacks, this section synthesizes intelligence with insights from the front lines of threat detection and response.

Thanks to the 100+ security experts, writers, editors, designers, developers, and project managers who invested countless hours to produce this report. And a huge thanks to the MITRE ATT&CK® team, whose framework has helped the community take a giant leap forward in understanding and tracking adversary behaviors. Also a huge thanks to all the Canaries—past and present—who worked on the 2019, 2020, and 2021 Threat Detection Reports. The Threat Detection Report is iterative, and parts of the 2022 report are derived from previous years. This report wouldn’t be possible without all of you!