False positives are a given with many enterprise security technologies. They are also dangerous, since they create "noise" that can cause security professionals to ignore legitimate alerts. Denver-based startup Red Canary wants to eliminate false positives by offering an endpoint threat detection managed service created by combining several best-of-breed technologies and adding a human element to bring it all together.
"There are a lot of security products that do good things, but at some point you need a smart team to look at all of the data coming out of those products and make the right decision for your organization," said Red Canary CEO and co-founder Brian Beyer, adding that only a small percentage of companies possess the budget and resources to do this themselves.
His company provides endpoint security "for the 95 percent of companies that understand they have a need for this kind of a solution but do not have a way to build it themselves," Beyer said. "Great security can't just be for those 5 percent of companies; it has to be for everybody."
The proof is in the numbers, Beyer said, noting that Red Canary has delivered more than 1,900 confirmed threats to its customers over the past year, with only three false positives. One of the false positives was due to a penetration test that not all members of the customer's security team knew was being conducted.
"If you get a notification from us, you know you need to sit up, take notice and get into the office, because you have a problem to deal with," Beyer said.
Partners and Platform
Red Canary, which in March received $2.5 million in seed funding, started out working with a technology incubator run by boutique security firm Kyrus. Carbon Black, which was purchased by Bit9 last year, also came out of the incubator and is one of Red Canary's technology partners, along with Farsight Security and Threat Recon.
Red Canary will add new partners "as attackers evolve and as we see new companies in the market," Beyer said. "Our approach is always going to be evolving."
The Red Canary platform includes endpoint sensors, a threat detection engine composed of multiple technologies, behavioral and binary analysis, threat intelligence and final review by a human team. This multi-layered approach is highly reliant on analytics, Beyer said.
"When you do analytics, you have to understand the data you are looking at and you have to start with good data," he said. "If you do analytics on bad data, you just end up with more questions. Unfortunately, a lot of security products just leave you with more questions."
Though Red Canary's managed service seems like an especially good fit for small companies that lack security staff, Beyer said its customers include organizations of all sizes, including a Fortune 500 company, a multi-national pharmaceutical company and a defense contractor. The company's current sweet spot seems to be midsize organizations with 500 to 5,000 employees.
"We have customers with less than 100 endpoints to extremely large customers in the Fortune 500," he said. "Our ideal customer has a strong perimeter but understands their endpoints are not well defended. Size is not always a great indicator of that."
Beyer said Dell SecureWorks and other competitors are helping raise the profile of endpoint security, which is bringing his company new customers.
One of Red Canary's key differentiators is a commitment to simplicity, in everything from its pricing models to its user interface which, unlike some security products, is "not tables, tables and more tables," Beyer said.
"Making things simple is incredibly hard," he said. "It's easy to put all of the data out there, but it's hard to boil it down to one line or one metric or one bit of information the user really cares about or needs to know."
Fast Facts about Red Canary
Founded: February 2014
Founders: Brian Beyer, Keith McCammon, Jason Garman, Chris Rothe
Product: Endpoint security threat detection managed service
Funding: $2.5 million from Kyrus
Customers: Organizations of all sizes, including a Fortune 500 company, multi-national pharmaceutical company and defense contractor.
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.