Once endpoint telemetry is flowing to Red Canary (optionally accompanied by external alerts), Red Canary’s threat pipeline kicks in.
Red Canary’s threat engine is designed to identify as many types of threats as possible that adversaries may use against your organization. This broad approach results in a lot of false positives for the Red Canary team to investigate but delivers the best results to your organization.
As Red Canary processes the telemetry and alerts collected from your endpoints and security products, any match against threat intelligence or analytics creates a potentially threatening event that goes to the Red Canary Cyber Incident Response Team (CIRT) for investigation.
Onboard and tune detection
Unlike other security products, Red Canary does not require you to define your own detection rules and Indicators of Compromise (IOCs) to get extremely effective results. From day one, you get the benefits of years of Red Canary threat engineering for hundreds of other customers.
Understand threat coverage
Understanding how Red Canary fits into your security stack is critical. You need to know where Red Canary provides coverage and where we do not, and we strive to make that information easy to find.
Within Red Canary, the Analytics and Intelligence pages hold a wealth of information, including:
- Detection Analytics
- Attack Techniques
- Intelligence Profiles
- Intelligence Insights
From the navigation menu, click Analytics to view Detection Analytics, which displays a list of potentially threatening types of events and the attack technique associated with each event's behavior.
Red Canary’s threat coverage is most easily viewed in a MITRE ATT&CK heatmap found by clicking Analytics and then Attack Techniques. From there, click a specific technique to learn if Red Canary has coverage for it.
Read about emerging trends and threats in cybersecurity in the Insights tab under Intelligence. Intelligence Insights are researched and written by Red Canary’s Intelligence Team and published continuously to provide you with timely information.
Use Intelligence Profiles to learn more about prevalent attacks and threats. To view Intelligence Profiles, click Intelligence and then Profiles.
The Red Canary Intelligence Team reviews and curates cybersecurity news that is relevant to our customers. Our Industry News page keeps you up-to-date on emerging and prevalent threats so you can make informed decisions about your security posture.
From the navigation menu, click Intelligence, and then click News.
Next, learn about how Red Canary investigates these potential threats and confirms true positives.