Intelligence Insights: March 2025
Worms break ground and fake browser updates march forward in this month's edition of Intelligence Insights
The Red Canary Blog: Information Security Insights
What does Google’s $32B acquisition of cloud security startup Wiz mean for security operations?
1 day 5 hours ago
Cloud security is a rapidly accelerating challenge for security operations—a trend highlighted in our 2025 Threat Detection Report.
Keith McCammon
Identity attacks and infostealers dominate the 2025 Threat Detection Report
3 days 8 hours ago
Our annual analysis brings you a year’s worth of security operations and intelligence insights, with actionable guidance on every page.
Susannah Clark Matt
Red Canary named a Leader in MDR
2 weeks 1 day ago
We wrote the playbook on detection-as-code detection engineering. Forrester now recognizes us among top vendors in the MDR market.
Kelly Horsford
Dive into the Red Canary Security Data Lake
2 weeks 4 days ago
Red Canary now offers cost-efficient data storage that improves your security posture. Learn more about our new Security Data Lake offering.
Dylan Solomon
Polishing Ruby on Rails with RSpec metadata
3 weeks 2 days ago
RSpec metadata helps Red Canary’s engineers generate clean and consistent tests in our Ruby on Rails application
Tom Bonan
Intelligence Insights: February 2025
1 month ago
Infrared Ibis infiltrates Chrome extensions and Saffron Starling surprises in this month's edition of Intelligence Insights
The Red Canary Team
Defying tunneling: A Wicked approach to detecting malicious network traffic
1 month 1 week ago
Follow the yellow brick tunnel for malware analysis of RATs and worms and spyware, oh my! Read our deep dive on network tunneling.
Tony Lambert
CopyObjection: Fending off ransomware in AWS
1 month 2 weeks ago
Why automated response is a necessity to thwart ransomware attacks in Amazon Web Service cloud environments
Jesse Griggs
The unusual suspects: Effectively identifying threats via unusual behaviors
1 month 3 weeks ago
In the world of identity, cloud, and SaaS, we must move beyond detecting explicitly malicious behaviors to detecting unusual behaviors.
Sam Straka
Intelligence Insights: January 2025
1 month 4 weeks ago
DarkGate returns and the Tangerine Turkey VBS worm peels off of USBs in this month's edition of Intelligence Insights
The Red Canary Team
Tangerine Turkey mines cryptocurrency in global campaign
1 month 4 weeks ago
Named by Red Canary, Tangerine Turkey is a VBscript worm delivered via USB that ultimately drops a cryptomining payload
Stef Rand
What we learned by integrating with Google Cloud Platform
2 months ago
An engineer behind Red Canary’s GCP integration recounts how we remodeled our detection engine to ingest millions of new telemetry logs
Whil Piavis
Incorporating AI agents into SOC workflows
2 months ago
With the right guardrails, AI agents quantifiably improve speed in your security operations center, without compromising accuracy
Jimmy Astle
Shrinking the haystack: The six phases of cloud threat detection
2 months 1 week ago
Red Canary parses through 6 billion telemetry records per day to detect threats in our customers’ cloud environments. Here’s how we do it.
Brian Davis
Shrinking the haystack: Building a cloud threat detection engine
2 months 1 week ago
A step-by-step guide to building a framework for ingesting billions of cloud telemetry records to detect and respond to cyber threats
Brian Davis
Intelligence Insights: December 2024
3 months ago
Paste and run persists and HijackLoader cuts the line to drop LummaC2 in this month's edition of Intelligence Insights
The Red Canary Team
Red Canary’s best of 2024
3 months ago
As Red Canary wraps up our first decade, take a look back at our best blogs, videos, guides, and webinars of the year.
Susannah Clark Matt
A defender’s guide to identity attacks
3 months ago
Everything defenders need to know about identity attack technqiues and how to protect your users and assets
Laura Brosnan
Single sign-on, double trouble: Credential theft using AWS access tokens
3 months 1 week ago
SSO access tokens can buy adversaries more time as they exfiltrate credentials and other sensitive information from a victim’s AWS CLI
Jesse Griggs
Checked
2 minutes 44 seconds ago