As we approach the holiday season, the extended team at Red Canary has created this holiday hardening checklist. A collaboration between Detection Engineering, Incident Handling, and Customer Success, its purpose is to help our valued customers harden their defenses and validate Red Canary.
As always, Threat Hunters are reachable through the 24/7 emergency support line. This line should be used only in emergency scenarios, where you or your team are actively responding to threats and need assistance. You can find this number inside the Getting Help section of Red Canary.
Verify your emergency contact protocols — Red Canary Threat Hunters use your phone tree in critical scenarios when they need to reach your team in an emergency, so make sure it reflects who is actually on call over the holidays.
Confirm your Network IPs — A complete list of your important IP addresses gives Red Canary more context and gives you more accurate and complete threat reporting. Providing a list of your networks also helps Red Canary avoid false positives.
Generate a test threat in Red Canary — Generating a test threat is easy with the RCCAR command-line test. We recommend you generate a test threat to re-familiarize yourself with your automations and alerting mechanisms before the holidays.
Review your Automate playbooks — Security teams need time off too. Review your Automate playbooks and consider ratcheting up your defenses with more aggressive actions, like automated endpoint isolation, over the holiday season.
Synchronize Alert Status and Comments — State synchronization allows Red Canary to keep the alerts in your other security products up to date so you don’t waste time reviewing alerts that Red Canary has already reviewed.
Review Endpoint Connections — Reviewing which endpoints are connected and reporting is an essential part of understanding what is actually being monitored and protected in your security stack. Without a sensor on an endpoint, we cannot monitor its activity effectively.
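One practical way to work through the endpoint connections review is to compare your asset inventory against the last time each sensor checked in, so that hosts with no sensor, hosts whose sensor has gone silent, and sensors reporting from hosts you do not have in inventory all surface in one pass. The script below is an added example and not Red Canary code or any product export format; the inventory, check-in timestamps, the reference time, and the three-day staleness threshold are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not a real export): an asset inventory and the
# last time each endpoint's sensor checked in. Timestamps are placeholders.
INVENTORY = ["ws-001", "ws-002", "ws-003", "srv-db01", "srv-web01"]
LAST_CHECKIN = {
    "ws-001": "2023-12-18T09:15:00Z",
    "ws-002": "2023-12-01T22:40:00Z",   # sensor has been silent for weeks
    "srv-db01": "2023-12-18T10:02:00Z",
    "lab-vm9": "2023-12-18T11:00:00Z",  # reporting, but not in inventory
    # ws-003 and srv-web01 have no sensor record at all
}
# Fixed reference time so the example is reproducible offline.
NOW = datetime(2023, 12, 18, 12, 0, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def endpoint_coverage(inventory, last_checkin, now, stale_after=timedelta(days=3)):
    """Classify endpoints into coverage gaps.

    missing: in inventory, but no sensor has ever checked in
    stale:   in inventory, but the sensor's last check-in is older than stale_after
    unknown: a sensor is reporting from a host that is not in inventory
    """
    inventory = set(inventory)
    missing = sorted(h for h in inventory if h not in last_checkin)
    stale = sorted(
        h for h, ts in last_checkin.items()
        if h in inventory and now - parse_ts(ts) > stale_after
    )
    unknown = sorted(h for h in last_checkin if h not in inventory)
    return {"missing": missing, "stale": stale, "unknown": unknown}


if __name__ == "__main__":
    report = endpoint_coverage(INVENTORY, LAST_CHECKIN, NOW)
    for category, hosts in report.items():
        print(f"{category:8s} ({len(hosts)}): {', '.join(hosts) or '-'}")
```

Hosts in the `missing` and `stale` buckets are the ones where you have no effective monitoring going into the holidays; `unknown` hosts are worth reconciling too, since an asset list that omits live endpoints also weakens the network-IP context you give Red Canary.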