Farsight Security NOD Integrated With Red Canary Threat Detection Engine to Secure Endpoints
If you’re a small or medium size business, one of the biggest challenges you face is securing and monitoring your users’ systems. You may not have the staff (or the budget!) to run a large in-house security team, but your systems are subject to the same range of attacks as the Fortune 500.
Red Canary understands these challenges and has developed a simple yet highly effective approach to protecting today’s enterprises that significantly reduces false positives. Red Canary has integrated Farsight Security Newly Observed Domains(TM) (NOD) and other select best-of-breed technologies and techniques into its new service to deliver an all-in-one solution that makes endpoint threat detection and response attainable for any business.
Farsight NOD is a new set of data solutions that provide security teams with real-time, actionable insights on the basis of the age of domain names. NOD leverages Farsight’s real-time Passive DNS telemetry feed, and cross-references that data with its industry-leading Farsight DNSDB(TM) historical Passive DNS database.
The Red Canary-Farsight NOD Approach
Red Canary is an agent-based solution that runs on enterprise Windows(R) or Mac systems, securely collecting and streaming all endpoint activity e.g. registry keys, files, etc. Red Canary’s Threat Detection Engine performs a multidimensional examination of all this activity, flagging potential threats for further review. Human analysts will confirm actual threats and Red Canary notifies customers with an actionable detection. Once you’ve gotten Red Canary installed, it just runs, with Red Canary monitoring for incidents that need local attention. Red Canary customers can check a secure web portal, or configure a variety of push notifications for urgent matters that need to be dealt with at once.
By using Farsight Security’s NOD DNS Block List as part of its Threat Detection Engine, Red Canary is able to immediately identify a unique class of anomalous network events. NOD leverages the fundamental truth that there’s no reason for a customer’s workstation to reach out to a domain name that may be only minutes or hours old — that is, unless it’s been infected with malware or otherwise compromised. By monitoring for those sorts of events, Red Canary can easily and quickly identify systems that need local review.
To learn more about how Red Canary and Farsight are working together to deliver extensive detection in near-real time without the false positives, all enabling faster response, visit http://www.redcanary.co.
Karen Burke is the Director of Marketing and Communications for Farsight Security, Inc.
