Red Canary uses a lot of automation, artificial intelligence (AI), and machine learning (ML), but what sets Red Canary apart is the fact that highly trained and skilled humans systematically analyze, classify, and enrich the data we ingest. This creates a "virtuous cycle" in which humans improve the data; the improved data is then used to improve the models and algorithms, which in turn help humans improve their performance, and so on, in a human-machine teaming whose final result is the best threat detection engine in the market.
Red Canary uses automation, AI, and ML in the following situations:
- Triaging of telemetry that needs to be analyzed - Red Canary has multiple natural language processing (NLP), multimodal, and expert systems that analyze telemetry and select potential threats. Together these form a complex, multi-layered, and highly scalable pipeline that processes petabytes of data every day, improving detail and classification accuracy at each layer, until the telemetry reaches the Detection Engineer who makes the final call.
- Deduplication of telemetry - Red Canary uses custom-built, highly efficient, domain-specific similarity and linkage models to identify telemetry that has already been processed, which optimizes the throughput of our threat detection engine and the timeliness of our detections.
- Enriching telemetry to help Detection Engineers do their job - Red Canary uses multiple systems and models to extract, rank, and classify specific parts of the information presented to Detection Engineers.
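To make the deduplication idea above concrete, here is an added example (not Red Canary's code) of fuzzy-matching near-duplicate process telemetry: volatile fields are normalized, command lines are compared by Jaccard similarity over character shingles, and events on the same host within a time window that exceed a threshold are linked to an earlier representative. The normalization rules, the sample events, the threshold and the window are all constructed assumptions for illustration.

```python
import re

# Constructed sample telemetry (not real customer data): three process-start events
# as an EDR sensor might report them. Events 1 and 2 are the same activity differing
# only in PID, timestamp and a random temp-file name; event 3 is a distinct command.
EVENTS = [
    {"id": 1, "host": "ws01", "ts": 1704103200, "pid": 4120,
     "cmd": r"powershell.exe -enc SQBFAFgA -f C:\Users\alice\AppData\Local\Temp\tmpA1B2.ps1"},
    {"id": 2, "host": "ws01", "ts": 1704103205, "pid": 4188,
     "cmd": r"powershell.exe -enc SQBFAFgA -f C:\Users\alice\AppData\Local\Temp\tmpC3D4.ps1"},
    {"id": 3, "host": "ws01", "ts": 1704103207, "pid": 4201,
     "cmd": r"powershell.exe -enc SQBFAFgA -f \\fileserver\share\deploy.ps1"},
]

def normalize(cmd: str) -> str:
    """Canonicalise volatile fields (hypothetical rules) so repeats of one activity compare equal."""
    cmd = cmd.lower()
    cmd = re.sub(r"\\users\\[^\\]+\\", r"\\users\\<user>\\", cmd)  # user profile name
    cmd = re.sub(r"\btmp[0-9a-z]+\.", "tmp<rand>.", cmd)           # random temp file name
    return re.sub(r"\s+", " ", cmd).strip()

def shingles(text: str, k: int = 4) -> set:
    """Character k-shingles: the unit of comparison for the fuzzy match."""
    return {text[i:i + k] for i in range(max(1, len(text) - k + 1))}

def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a or b) else 1.0

def similarity(cmd_a: str, cmd_b: str) -> float:
    return jaccard(shingles(normalize(cmd_a)), shingles(normalize(cmd_b)))

def dedupe(events, threshold=0.9, window_s=300):
    """Link each event to an earlier one on the same host within window_s seconds whose
    normalised command line is at least `threshold` similar. Returns the ids that still
    need analyst attention and a map of suppressed id -> representative id."""
    kept, suppressed = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        sh = shingles(normalize(ev["cmd"]))
        rep = next((k for k in kept if k["host"] == ev["host"]
                    and ev["ts"] - k["ts"] <= window_s
                    and jaccard(k["sh"], sh) >= threshold), None)
        if rep:
            suppressed[ev["id"]] = rep["id"]
        else:
            kept.append({"id": ev["id"], "host": ev["host"], "ts": ev["ts"], "sh": sh})
    return [k["id"] for k in kept], suppressed

if __name__ == "__main__":
    print(dedupe(EVENTS))  # ([1, 3], {2: 1})
```

The threshold and window are the knobs that trade throughput against coverage: set them too loosely and a genuinely distinct command (here, the script pulled from a network share) would be suppressed along with the repeats, so any linkage rule should be checked against samples of what it suppresses.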
Some of the technologies Red Canary uses
- Decision Trees
- Ranking models
- Recurrent Neural Networks
- Count frequency models
- Word embeddings
- Fuzzy matching algorithms
- Data linkage statistical systems
- Vector Search Engines
- Clustering algorithms
- Anomaly Detection algorithms