Red Canary aims to reduce false-positive IT security threat alerts
By Frank J. Ohlhorst. ThirdCertainty
Security start-up Red Canary believes false positives are one of the biggest productivity drains created by endpoint threat detection and response (ETDR) products.
The Denver-based company has launched an ETDR managed service that promises to vastly reduce the complex issues often associated with such products, while blocking false positives, which are the scourge of many digital security professionals.
“The deluge of information and false positives that bombard IT security teams daily (means that) spotting actual threats drains considerable resources, and threats are often discovered too late,” says Brian Beyer, co-founder and CEO of Red Canary. “The majority of companies do not have the expertise and resources to defend themselves successfully.”
Costing time and money
A recent report from the Ponemon Institute, based on a survey of 630 IT professionals, calculates that they were spending an average of $1.27 million annually in responding to inaccurate and erroneous intelligence alerts.
“Accuracy of detection and speed of response to today’s attacks from persistent threats are the greatest challenge to IT security teams … and with the severity and frequency of malware attacks increasing, it’s a challenge that is only going to grow,” says the report’s author, Larry Ponemon.
With its ETDR platform, Red Canary aims to reduce the administrative overhead normally found in ETDR products.
“We have built our own proprietary detection technology,” Beyer says. “We also integrate the best technologies available to deliver superior detection. By combining best-of-breed capabilities into a single platform, Red Canary can provide detection across the entire cyber kill chain, instead of … a static approach (that) only detects signature-based threats, and focuses on one or two stages of the kill chain.”
No easy answers
As cybersecurity becomes more complex, businesses are turning to cloud-based security services to handle growing threats, says Gartner, an information technology research company. This is one of several security-related trends that will emerge and grow in the coming year and beyond, Gartner analyst Earl Perkins said at the Gartner IAM Summit 2015 in London. “Businesses need to watch the development of security services from the cloud, as we expect these to grow and evolve.”
“Our product requires no training, and there are no integration hurdles,” Beyer says. “Red Canary … eliminate(s) false positives through the use of human analysts, to ensure true threat detections are delivered to customers. We have focused on building the human piece right into the managed service. … Our customers can be confident we are not taking advantage of them when they need help the most.”
Red Canary recently announced the first technology partners that help make up its platform, including Bit9 + Carbon Black, Farsight Security and Threat Recon. The Red Canary platform combines these and other detection technologies and techniques with proprietary behavior analysis and anomaly-detection algorithms.
ABOUT RED CANARY
Founded: February 2014
Number of employees: 10, with plans for more
Core business: Red Canary gives organizations the ability to clarify threat-detection issues, lessening the time spent dealing with false positives, and respond in a more efficient and affordable manner. Red Canary says its platform combines best-of-breed technologies and techniques, including a human layer of expertise for additional intelligence.
Recent developments: Last week, Red Canary announced $2.5 million in seed funding, led by Kyrus, a cybersecurity solutions provider. Red Canary will use the funds to bring its managed service to market. The service combines a multidimensional-detection system with human analysts.
The company also unveiled the first technology partners to help make up its platform, including Bit9 + Carbon Black, Farsight Security and Threat Recon. The Red Canary platform combines these and other detection technologies and techniques with proprietary behavior analysis and anomaly-detection algorithms.