{"id":102117,"date":"2021-11-29T09:00:21","date_gmt":"2021-11-29T17:00:21","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=102117"},"modified":"2023-05-15T23:03:17","modified_gmt":"2023-05-16T06:03:17","slug":"how-red-canary-and-microsoft-can-help-reduce-your-alert-fatigue","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/29\/how-red-canary-and-microsoft-can-help-reduce-your-alert-fatigue\/","title":{"rendered":"How Red Canary and Microsoft can help reduce your alert fatigue"},"content":{"rendered":"

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Security alert fatigue

Organizations often feel overwhelmed by the number of security alerts they receive. Frustrated by alert fatigue, these organizations want a deeper understanding of security threats and extended coverage to protect themselves. Enterprises typically maintain 70 security products from 35 different vendors,¹ and burnout from alert fatigue can lead to choices that put a company’s security at risk. Prospective customers have told us they mute security alerts or create rules to ignore or turn off alerts. Some security operations leaders have even said that if a security alert isn’t resolved within a week, it’s automatically deleted from the system.

Security alert fatigue happens when employees become desensitized to alerts and alarms from tools and technology because of their frequency. Since 2019, the number of security alerts has increased by 34 percent.² In fact, 44 percent of alerts go uninvestigated¹ because of the high volume and inadequate staff levels.

Red Canary is a security ally for customers

Security alerts lack the context customers need to determine which alerts are a serious threat and which are noise. They also wonder, “If we were attacked, how fast could we contain a security threat?” Security alerts don’t answer this question. That’s why Red Canary, a cybersecurity software as a service (SaaS) company that provides outcome-focused solutions for security operations teams, developed a security operations platform that powers their Managed Detection and Response (MDR) solutions. Red Canary MDR integrates with Microsoft Defender for Endpoint to help customers detect and respond to cybersecurity threats in their environment. Red Canary MDR + Microsoft Defender for Endpoint is a powerful combination for modern security operations teams to protect their organizations.

Founded in 2014, Red Canary is a security ally for customers and an extension of their security teams. Underpinning Red Canary’s MDR solution is its all-day security operations team. These detection engineers provide extended coverage for long-term customer peace of mind. Red Canary is continuously monitoring and reviewing every potential threat—even detections that appear outwardly benign are investigated.

Red Canary’s approach

When its MDR solution detects a security threat for one customer, a logic-based detection engine is strengthened and used to detect similar threats for other customers. Thousands of detectors—a number that is growing all the time—trigger investigations on anything suspicious that’s detected.

Red Canary’s solution supercharges the already powerful Microsoft Defender for Endpoint. It now also supports Microsoft Defender for Identity, which helps security operations teams protect on-premises identities, and Microsoft Azure Active Directory (Azure AD) Identity Protection, which protects identities and user accounts for Azure AD customers. Red Canary has also recently announced support for publishing confirmed detections into Microsoft Sentinel.

The Red Canary technology is only half the story. Customers also benefit from deep threat detection expertise: detection engineers and incident handlers are available around the clock, serving as an extension of a customer’s security team.

“We increase the confirmed detections and tune down the noise of security alerts.”—Cordell BaanHofman, General Manager, Red Canary + Microsoft Security at Red Canary

\"Red<\/p>\n

Bridging the expertise and budget gap

Besides alert fatigue, companies also struggle with two other big challenges that restrict their ability to respond to cyberthreats: a lack of cybersecurity expertise and a limited budget. Many organizations lack the in-house expertise to review, investigate, and respond to Microsoft Defender for Endpoint security threats. Often, budget constraints prevent them from hiring people with the expertise to operationalize Microsoft Defender for Endpoint or provide all-day coverage.

Red Canary supports these companies by giving them access to a team of cybersecurity experts and all-day coverage. It offers them an “easy button,” including customizable, automated incident response playbooks that enhance the pre-built automated incident response model of Microsoft Defender for Endpoint. Red Canary’s approach to threat detection continues to effectively protect its customer base from ransomware—like the Conti and REvil families that have been implicated in so many prominent attacks this year—and other high-impact threats.

The company analyzes alerts and raw telemetry through APIs connected to Microsoft Defender for Endpoint. Customers are notified only of confirmed threats—in the middle of the night if it’s a critical threat—and are provided with full threat context so they can quickly respond and stop the threat in its tracks. This response is achieved through a combination of automation and incident response experts who neutralize and remove the threat.

\"Flow<\/p>\n

After bringing in Red Canary, an IT security leader said they felt positively about their security posture for the first time in their 10-year information security career. A security analyst at a different company said the solution results in every detection being actionable and reliable. The security analyst explained: “Red Canary has taken what used to be a daily workload of hours and brought it down to minutes.”

MISA membership

Red Canary is aligned with Microsoft’s security strategy, particularly extended detection and response (XDR) and the Zero Trust approach. Since becoming an inaugural MDR partner in 2019, Red Canary earned IP co-sell incentive status and shared the virtual stage at Microsoft Ignite with Microsoft Corporate Vice President Rob Lefferts during his advanced attack security keynote.

Red Canary was one of the early members of the Microsoft Intelligent Security Association (MISA), joining in January 2019, and has participated in Microsoft webinars, blog posts, and marketing workshops—all made possible by MISA.

Learn more

One of the reasons that Red Canary and Microsoft’s relationship is so strong is that the two companies share a similar ethos and objective. Red Canary’s mission is to empower organizations worldwide to make their greatest impact without fear of a cyberattack. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. Reach out for a demonstration of Red Canary MDR + Microsoft Defender for Endpoint.