SaaS-based combination of software and expert
services protects organizations from ransomware, phishing and other common
threats

Red Canary announced major updates to its SaaS-based
Security Operations Platform, including capabilities for identity-based threat
detection, alert management, automation, and managed response. The Red Canary
platform is used by companies of any size around the world to detect
threats, respond to incidents, and improve security operations. The company
offers Managed Detection and Response (MDR) via its platform, which runs on top of
leading XDR platforms such as Microsoft 365 Defender. Red Canary was named a Leader in Forrester Research’s 2021 MDR
Wave.

Unlike other MDR providers, which simply collect third-party
security alerts and send them to customer security operations teams for
handling, Red Canary’s Platform includes Security Engineering as a Service,
embedding raw telemetry collection, custom detection engineering, alert
suppression, continuous detection sharing across all customers, and threat
intelligence curated from thousands of incident response engagements.

The latest version of Red Canary’s Security Operations
Platform includes:
- Vendor-neutral
MDR for endpoints - Red Canary provides managed detection and response
across all leading EDR products, including Microsoft Defender for Endpoint, and recently announced
support for SentinelOne Singularity. Red Canary has
industry-leading experience handling the high data volumes of EDR products
and ensuring successful EDR deployments.
- EDR
Migration tools - As the EDR industry has matured, customers are
increasingly migrating from early products to new leaders. The Red Canary
platform includes tools to ensure successful migration, without downtime
or impact to security operations. Migration support is included in the
standard customer license fee, so that organizations can select and move
to the solutions that best meet their needs, without incurring additional
MDR costs.
- Platform-neutral
MDR for infrastructure - As companies modernize their legacy apps, using
Linux-based containers and virtual machines, and move to the cloud, they
face new threats to these applications. Red Canary has developed a threat
detection service optimized for Linux production systems, regardless of
where they are deployed. Customers who cannot deploy third-party EDR Linux
agents, because of performance impact, can use Red Canary’s MDR service
for Linux systems without issue.
- Account
compromise detection - Red Canary offers new capabilities for account
compromise detection, via support for Microsoft Defender for Identity and
Azure Defender for Identity. Using data from a customer’s Defender for
Identity instance, the Red Canary platform can apply behavioral analytics
to detect unusual patterns in account access.
- Integrated
alert management and triage - In addition to endpoint and
cloud systems, most organizations also manage dozens of third-party
security products, each generating significant alert traffic. The Red
Canary platform now includes, at no extra charge, self-service tools for alert
triage and management. These tools reduce customer alert noise and time to
respond to potential threats, and are included in Red Canary’s standard
license fee.
- Integrated
automation and orchestration - When real issues are
discovered, customers use Red Canary’s built-in workflow automation
playbooks to respond in a consistent and efficient manner. Red Canary’s
response engineers can guide the creation of new playbooks, at no
additional cost beyond the standard annual license fee.
- Continuous
detection sharing across customers - Red Canary customers automatically gain protection from threats
discovered in other customers’ networks, resulting in a form of herd
immunity against common threats without loss of privacy.
- Risk
reporting and benchmarking - The platform includes
regular analysis and reporting of customer risk, relative to earlier
periods, other companies in the same industry, organizations of similar
size, as well as the entire Red Canary customer base. This enables
security leaders to report to their executive teams and boards on the
effectiveness of their security controls and their impact on business
risk. The reporting, benchmarking, and guidance are all included in the
standard license fee.
- Managed
remediation of incidents - All Red Canary customers receive managed response to
incidents, at no extra charge beyond the standard license fee. Red
Canary’s trained response engineers can provide guidance, set up
workflows, and perform response tasks to contain threats.

Red Canary also announced new packages for consulting firms
and service providers. Incident response consulting firms often struggle to
support a growing number of clients following a breach. Red Canary for
Consultants is a solution designed for easy application of the Red Canary platform
by consulting firms during incident response. In addition, Red Canary now also
offers a solution for Microsoft Managed Service Providers (MSPs) that wish to
provide managed security operations services around the Microsoft ecosystem.

“While organizations are increasingly under attack from
ransomware and other threats, we are proud to say that our platform protected
our customers from the biggest attacks in recent months,” said Chris Rothe, CPO
and co-founder. “Our people have extracted and curated new behavior and attack
patterns from thousands of engagements, and we’ve embedded those in the
expanded platform to better protect our customers from harm.”

“We believe that Red Canary's platform, providing MDR for
endpoints and infrastructure, aligns to Microsoft's security strategy,” said
Mandana Javaheri, global head of security, compliance, and identity business
development at Microsoft. “Customers who are investing in Microsoft 365
Defender and XDR platform can benefit from Red Canary's MDR platform to increase
effectiveness of their security operations.”

Source: Red Canary Data media announcement