The endpoint is the most vulnerable link in enterprise security, constantly under attack and prone to human error. Yet the security products designed to protect it are subject to high levels of false positives.
The result is that providing effective protection can be complex and stretch the resources and budget of even quite large organizations.
Denver-based Red Canary, founded by a team with a strong background in security and defense intelligence, is offering a four-pronged approach to detecting threats in real time and eliminating false positives.
It uses a combination of behavioral analysis to detect malicious software or activity; anomaly detection to pick up activity such as logons from other locations; binary analysis to look not only at the reputation of binaries but also at their potential for harm; and threat intelligence to protect across the customer base.
Crucially, every suspicious event flagged by the company's Threat Detection Engine is then subject to human review. "Businesses have become over-reliant on technology to protect their endpoints. This is why Red Canary uses a human analyst team to eliminate false positives," Red Canary's CEO Brian Beyer says. "Smaller companies can't afford the expertise to do this in-house."
By combining best-of-breed technologies and adding human review, Red Canary enhances response by detecting threats in hours rather than weeks, by delivering actionable detections, and by providing extensive endpoint visibility.
"Enterprises have to identify assets, know what they're defending and have the right systems in place if their perimeter is breached," adds Beyer. "This means investing in people and giving them the right tools to do the job."
You can find out more about Red Canary's approach to endpoint protection on the company's website.