Red Canary licenses MDR Cloud Control Planes by cloud resources.
How is usage calculated?
There are eight types of resources which are counted as billable resources in a cloud environment. Based on the total number of resources in your environment, billable resources are calculated using the following ratios, based on monthly averages.
Red Canary scans your environment four times per day, counting the number of each type of resource which exists at the time of the scan.
To get the monthly average for each resource type, we average the total count of that resource type across that month’s scan, and then divide appropriately to determine the overall number of billable workloads for the month. For serverless functions, for example, the monthly total would be divided by 50.
|Resource Type||Definition||Monitored : Billable Resource Ratio||AWS example||GCP example||Azure example|
|Virtual machines||A virtual machine (VM) is a compute resource that uses software instead of a physical computer to run programs and deploy apps.||1:1||EC2 instances||Compute instances||Scale Set VMs, Compute VMs|
|Container hosts||The container host is the system that runs the containerized processes, often simply called containers.||1:1||AWS VMs running containers||GCP VMs running containers||Azure VMs running containers|
|Serverless functions||A serverless function is a single-purpose, programmatic function that is hosted on managed infrastructure.||50:1||Lambda||Cloud Function||Function, Azure App Service|
|Serverless containers||Serverless containers are compute engines that run containers without requiring customers to deploy or manage the underlying container instances.||10:1||AWS EC2 Instances running containers within ECS, EKS, or underneath a Kubernetes cluster||GKE Autopilot, Cloud Run Revision||Azure Container Instances|
|Buckets||Buckets are logical containers of files and metadata about that file.||2:1||S3 Buckets||Cloud Storage Buckets||Storage Account Blobs|
|Container Registry Images||A container image within a container registry. A container image is a packaged, self-contained unit of software that contains all the necessary dependencies, libraries, and configuration files required to run a specific application within a containerized environment such as Kubernetes or Docker.||5:1||ECR container images||GCR container images||Container Registry images|
|Non-OS disks||Non-OS disks (also known as non-root volumes) are additional storage resources for storing block-level data separate from the operating system and applications.||3:1||EBS volumes||VM storage disks||VM data disks|
|Databases||Databases provide scalable and highly available storage solutions that allow for efficient retrieval and manipulation of information.||1:1||AWS Aurora, DynamoDB, RDS||GCP Cloud SQL||Azure SQL|
How are highly ephemeral environments measured in terms of billable workloads?
Red Canary scans your environment four times per day, taking a snapshot of the resources observed at the time of the scan. As one example, the longer an ephemeral VM exists, the more likely it is to be captured (and vice versa). If your environment has 5,000 persistent VMs and you spin up (and tear down) 5,000 ephemeral VMs, then the average number of VMs that Red Canary detects will be between 5,000 and 10,000. If each ephemeral VM exists for only 5 minutes per day, then the monthly average will be very close to 5,000; if each ephemeral VM exists for 23 hours per day, then the monthly average will be very close to 10,000.
Viewing recent license usage
The count of cloud resources is recorded on a monthly basis and is reported in the Red Canary portal.
- From the Red Canary homepage, click your user icon, and then click License Usage.
- Review your monthly usage.
- To download a CSV of your Cloud Resource license usage, click Download.
What happens if I exceed my license amount?
When you exceed your license amount, Red Canary continues processing data received from all your accounts. We do not want an increase in usage to harm your security.
Red Canary then reviews your usage every three months and trues everything up at that time. If you had an overage, we calculate that overage and you can either increase your license amount (prorated for the remainder of your contract) or you can pay a one time overage fee. Increasing your license count is a good way to take advantage of volume discounts when available.
What if something doesn’t add up or seem right?
Sometimes you encounter an edge case: your engineering team launches a new application in AWS at the end of the month, and the numbers just don't look right. To make it easier to identify those oddities, the download links let you obtain the data that you need to run these to ground.
If something still doesn't look right, let us know and we'll get to the bottom of it.