Red Canary today announced major updates to its SaaS-based Security Operations Platform, including capabilities for identity-based threat detection, alert management, automation, and managed response. The Red Canary platform is used by companies of all sizes around the world to detect threats, respond to incidents, and improve security operations. The company offers Managed Detection and Response (MDR) via its platform, which runs on top of leading XDR platforms such as Microsoft 365 Defender, and it was named a Leader in Forrester Research’s 2021 MDR Wave.
Unlike other MDR providers, which simply collect third-party security alerts and send them to customer security operations teams for handling, Red Canary’s Platform includes Security Engineering as a Service, embedding raw telemetry collection, custom detection engineering, alert suppression, continuous detection sharing across all customers, and threat intelligence curated from thousands of incident response engagements.
The latest version of Red Canary’s Security Operations Platform includes:
Vendor-neutral MDR for endpoints - Red Canary provides managed detection and response across all leading EDR products, including Microsoft Defender for Endpoint, and recently announced support for SentinelOne Singularity. Red Canary has industry-leading experience handling the high data volumes of EDR products and ensuring successful EDR deployments.
EDR Migration tools - As the EDR industry has matured, customers are increasingly migrating from early products to new leaders. The Red Canary platform includes tools to ensure successful migration, without downtime or impact to security operations. Migration support is included in the standard customer license fee, so that organizations can select and move to the solutions that best meet their needs, without incurring additional MDR costs.
Platform-neutral MDR for infrastructure - As companies modernize their legacy apps using Linux-based containers and virtual machines and move to the cloud, they face new threats to these applications. Red Canary has developed a threat detection service optimized for Linux production systems, regardless of where they are deployed. Customers who cannot deploy third-party EDR Linux agents because of performance impact can use Red Canary’s MDR service for Linux systems without issue.
Account compromise detection - Red Canary offers new capabilities for account compromise detection, via support for Microsoft Defender for Identity and Azure Defender for Identity. Using data from a customer’s Defender for Identity instance, the Red Canary platform can apply behavioral analytics to detect unusual patterns in account access