Farsight Security NOD Integrated With Red Canary Threat Detection Engine to Secure Endpoints
If you’re a small or medium size business, one of the biggest challenges youface is securing and monitoring your users’ systems. You may not have the staff(or the budget!) to run a large in-house security team, but your systems aresubject to the same range of attacks as the Fortune 500.
Red Canary understands these challenges and has developed a simple yet highlyeffective approach to protecting today’s enterprises that significantly reducesfalse positives. Red Canary has integrated Farsight Security Newly Observed Domains(TM) (NOD) and other select best-of-breed technologies and techniquesinto its new service to deliver an all-in-one solution that makes endpointthreat detection and response attainable for any business.
Farsight NOD is a new set of data solutions that provide security teams withreal-time, actionable insights on the basis of the age of domain names. NODleverages Farsight’s real-time Passive DNS telemetry feed, and cross-referencesthat data with its industry-leading Farsight DNSDB(TM) historical Passive DNSdatabase.
The Red Canary-Farsight NOD Approach
Red Canary is an agent-based solution that runs on enterprise Windows(R) orMac systems, securely collecting and streaming all endpoint activity e.g.registry keys, files, etc. Red Canary’s Threat Detection Engine performs amultidimensional examination of all this activity, flagging potential threatsfor further review. Human analysts will confirm actual threats and Red Canarynotifies customers with an actionable detection. Once you’ve gotten Red Canaryinstalled, it just runs, with Red Canary monitoring for incidents that needlocal attention. Red Canary customers can check a secure web portal, orconfigure a variety of push notifications for urgent matters that need to bedealt with at once.
By using Farsight Security’s NOD DNS Block List as part of its Threat DetectionEngine, Red Canary is able to immediately identify a unique class of anomalousnetwork events. NOD leverages the fundamental truth that there’s no reason fora customer’s workstation to reach out to a domain name that may be only minutesor hours old — that is, unless it’s been infected with malware or otherwisecompromised. By monitoring for those sorts of events, Red Canary can easily andquickly identify systems that need local review.
To learn more about how Red Canary and Farsight are working together to deliverextensive detection in near-real time without the false positives, all enablingfaster response, visit http://www.redcanary.co.
Karen Burke is the Director of Marketing and Communications for FarsightSecurity, Inc.
Heading
