Red Canary today announced major updates to its SaaS-based Security Operations Platform, including capabilities for identity-based threat detection, alert management, automation, and managed response. The Red Canary platform is used by companies of all sizes around the world to detect threats, respond to incidents, and improve security operations. The company offers Managed Detection and Response (MDR) via its platform, runs on top of leading XDR platforms such as Microsoft 365 Defender, and was named a Leader in Forrester Research’s 2021 MDR Wave.
Unlike other MDR providers, which simply collect third-party security alerts and send them to customer security operations teams for handling, Red Canary’s Platform includes Security Engineering as a Service, embedding raw telemetry collection, custom detection engineering, alert suppression, continuous detection sharing across all customers, and threat intelligence curated from thousands of incident response engagements.
The latest version of Red Canary’s Security Operations Platform includes:
Vendor-neutral MDR for endpoints - Red Canary provides managed detection and response across all leading EDR products, including Microsoft Defender for Endpoint, and recently announced support for SentinelOne Singularity. Red Canary has industry-leading experience handling the high data volumes of EDR products and ensuring successful EDR deployments.
EDR Migration tools - As the EDR industry has matured, customers are increasingly migrating from early products to new leaders. The Red Canary platform includes tools to ensure successful migration, without downtime or impact to security operations. Migration support is included in the standard customer license fee, so that organizations can select and move to the solutions that best meet their needs, without incurring additional MDR costs.
Platform-neutral MDR for infrastructure - As companies modernize their legacy apps, using Linux-based containers and virtual machines, and move to the cloud, they face new threats to these applications. Red Canary has developed a threat detection service optimized for Linux production systems, regardless of where they are deployed. Customers who cannot deploy third-party EDR Linux agents, because of performance impact, can use Red Canary’s MDR service for Linux systems without issue.
Account compromise detection - Red Canary offers new capabilities for account compromise detection, via support for Microsoft Defender for Identity and Azure Defender for Identity. Using data from a customer’s Defender for Identity instance, the Red Canary platform can apply behavioral analytics to detect unusual patterns in account access.
Integrated alert management and triage - In addition to endpoint and cloud systems, most organizations also manage dozens of third-party security products, each generating significant alert traffic. The Red Canary platform now includes, at no extra charge, self-service tools for alert triage and management. These tools reduce customer alert noise and time to respond to potential threats, and are included in Red Canary’s standard license fee.
Integrated automation and orchestration - When real issues are discovered, customers use Red Canary’s built-in workflow automation playbooks to respond in a consistent and efficient manner. Red Canary’s response engineers can guide the creation of new playbooks, at no additional cost beyond the standard annual license fee.
Continuous detection sharing across customers - Red Canary customers automatically gain protection from threats discovered in other customers’ networks, resulting in a form of herd immunity against common threats without loss of privacy.
Risk reporting and benchmarking - The platform includes regular analysis and reporting of customer risk, relative to earlier periods, other companies in the same industry, organizations of similar size, as well as the entire Red Canary customer base. This enables security leaders to report to their executive teams and boards on the effectiveness of their security controls and their impact on business risk. The reporting, benchmarking, and guidance are all included in the standard license fee.
Managed remediation of incidents - All Red Canary customers receive managed response to incidents, at no extra charge beyond the standard license fee. Red Canary’s trained response engineers can provide guidance, set up workflows, and perform response tasks to contain threats.
Red Canary also announced new packages for consulting firms and service providers. Incident response consulting firms often struggle to support a growing number of clients following a breach. Red Canary for Consultants is a solution designed for easy application of the Red Canary platform by consulting firms during incident response. In addition, Red Canary now also offers a solution for Microsoft Managed Service Providers (MSPs) that wish to provide managed security operations services around the Microsoft ecosystem.
“While organizations are increasingly under attack from ransomware and other threats, we are proud to say that our platform protected our customers from the biggest attacks in recent months,” said Chris Rothe, CPO and co-founder. “Our people have extracted and curated new behavior and attack patterns from thousands of engagements, and we’ve embedded those in the expanded platform to better protect our customers from harm.”
“We believe that Red Canary's platform, providing MDR for endpoints and infrastructure, aligns to Microsoft's security strategy,” said Mandana Javaheri, global head of security, compliance, and identity business development at Microsoft. “Customers who are investing in Microsoft 365 Defender and XDR platform can benefit from Red Canary's MDR platform to increase effectiveness of their security operations.”