Red Canary aims to reduce false-positive IT security threat alerts

By Frank J. Ohlhorst. ThirdCertainty

Security start-up Red Canary believes false positives are one of the biggest productivity drains created by endpoint threat detection and response (ETDR) products.

The Denver-based company has launched an ETDR managed service that promises to vastly reduce the complex issues often associated with such products, while blocking false positives, which are the scourge of many digital security professionals.

“The deluge of information and false positives that bombard IT security teams daily (means that) spotting actual threats drains considerable resources, and threats are often discovered too late,” says Brian Beyer, co-founder and CEO of Red Canary. “The majority of companies do not have the expertise and resources to defend themselves successfully.”

Costing time and money

A recent report from the Ponemon Institute, based on a survey of 630 IT professionals, calculates that they were spending an average of $1.27 million annually in responding to inaccurate and erroneous intelligence alerts.

“Accuracy of detection and speed of response to today’s attacks from persistent threats are the greatest challenge to IT security teams … and with the severity and frequency of malware attacks increasing, it’s a challenge that is only going to grow,” says the report’s author, Larry Ponemon.

Red Canary aims to reduce the administrative overhead normally found in ETDR products with its ETDR platform.

“We have built our own proprietary detection technology,” Beyer says. “We also integrate the best technologies available to deliver superior detection. By combining best-of-breed capabilities into a single platform, Red Canary can provide detection across the entire cyber kill chain, instead of … a static approach (that) only detects signature-based threats, and focus on one or two stages of the kill chain.”

No easy answers

As cybersecurity becomes more complex, businesses are turning to cloud-based security services to handle growing threats, says Gartner, an information technology research company. This is one of several security-related trends that will emerge and grow in the coming year and beyond, Gartner analyst Earl Perkins said at the Gartner IAM Summit 2015 in London. “Businesses need to watch the development of security services from the cloud, as we expect these to grow and evolve.”

“Our product requires no training, and there are no integration hurdles,” Beyer says. “Red Canary … eliminate(s) false positives through the use of human analysts, to ensure true threat detections are delivered to customers. We have focused on building the human piece right into the managed service. … Our customers can be confident we are not taking advantage of them when they need help the most.”

Red Canary recently announced the first technology partners that help make up its platform, including Bit9 + Carbon Black, Farsight Security and Threat Recon. The Red Canary platform combines these and other detection technologies and techniques with proprietary behavior analysis and anomaly-detection algorithms.

ABOUT RED CANARY

Founded: February 2014

Number of employees: 10, with plans for more

Core business: Red Canary gives organizations the ability to clarify threat-detection issues, lessening the time spent dealing with false positives, and respond in a more efficient and affordable manner. Red Canary says its platform combines best-of-breed technologies and techniques, including a human layer of expertise for additional intelligence.

Recent developments: Last week, Red Canary announced $2.5 million in seed funding, led by Kyrus, a cybersecurity solutions provider. Red Canary will use the funds to bring its managed service to market. The service combines a multidimensional-detection system with human analysts.

The company also unveiled the first technology partners to help make up its platform, including Bit9 + Carbon Black, Farsight Security and Threat Recon. The Red Canary platform combines these and other detection technologies and techniques with proprietary behavior analysis and anomaly-detection algorithms.
