Red Canary, a security ally for businesses, has recently announced a number of significant updates to its SaaS (Software-as-a-Service)-based Security Operations Platform. Companies of all sizes around the world already use the Red Canary solution to detect threats, respond to incidents and improve their security operations. The original platform offers customers effective MDR (Managed Detection and Response), which can run alongside other leading XDR platforms, creating a multi-layered security defence. The new changes, however, will drastically improve the vendor’s capabilities for identity-based threat detection, alert management, automation and managed response, providing customers with more security and a better user experience.
Why use a SaaS-based Security Operations platform?
With the surge in attacks and potential threats, security teams find themselves stretched thin, failing to keep up with the number of alerts coming in. MDR provides more than just security alert notifications; it also supports companies in their response and remediation process. This solution goes beyond solely pointing out a security issue and works toward creating a fix. Put simply: “Don’t you want someone who will solve the problem instead of just telling you there is one? It’s a more mature approach…”
In fact, the latest version of Red Canary’s new Security Operations Platform provides customers with:
- Vendor-neutral MDR for endpoints: Customers will receive Managed Detection and Response across all leading EDR products. This includes Microsoft Defender for Endpoint.
- EDR Migration tools: The new solution includes tools to ensure successful migrations, without impacting security operations or causing downtime.
- Platform-neutral MDR for infrastructure: This will offer a new threat detection service optimised for Linux production systems, regardless of where they are deployed. It allows customers who cannot deploy third-party EDR Linux agents to use an MDR service without any issues, while also providing a higher standard of security when moving to the cloud.
- Account compromise detection: Red Canary’s platform includes new capabilities for account compromise detection. These use data from a customer’s Defender for Identity instance and apply behavioural analytics to detect suspicious or unusual patterns in account access.
- Integrated alert management and triage: Built-in workflow automation playbooks will help customers respond consistently and efficiently to potential threats.
- Risk reporting and benchmarking: Customers will be able to perform regular analyses and reports, relative to earlier periods, other companies in the same industry and organisations of similar size. As such, security leaders can report to their executive teams and boards on the effectiveness of their security controls and their impact on business risk.
- Managed remediation of incidents: With this, trained response engineers will provide customers with guidance, set up workflows, and perform response tasks to contain any lurking threats.
Chris Rothe, CPO and co-founder of Red Canary, is proud to say that “[their] platform protected [their] customers from the biggest attacks in recent months,” especially “while organizations [were] increasingly under attack from ransomware and other threats. [Red Canary’s] people have extracted and curated new behaviour and attack patterns from thousands of engagements, and [have] embedded those in the expanded platform to better protect customers from harm.”
In addition, Red Canary announced the release of new packages for consulting firms and service providers. After suffering a breach, companies tend to seek out the help of incident response consulting firms, which now struggle to support the growing number of clients. The new consulting solution is designed to support consulting firms during the incident response process instead of after it is complete, taking the pressure off those firms and creating a smoother overall process.
Mandana Javaheri, global head of security, compliance, and identity business development at Microsoft, believes that: “Red Canary’s platform, providing MDR for endpoints and infrastructure, aligns to Microsoft’s security strategy. Customers who are investing in Microsoft 365 Defender and XDR platform can benefit from Red Canary’s MDR platform to increase effectiveness of their security operations.”
Using this type of solution will allow companies to feel safer in their security operations and take the pressure off their security teams. It will help scale down alerts and response time and provide sufficient and efficient security to prevent data breaches and other large-scale attacks.