My main use case for Red Canary is to ensure I can sleep at night by getting 24/7 coverage by a capable team to investigate any alerts for the systems that we have in place to ensure we don't have any security or suspicious activity.

I can give you a specific example of a situation where Red Canary helped me out and made a difference: we've had more than a few instances where a user clicked on a phishing link, invoking connections to hostile sites. Through alerts in Defender, the Red Canary team identified, confirmed, and investigated the threat before they reset the user's credentials and contacted us to work with the user to resolve the situation.

I have at least one other instance where Red Canary investigated an alert and continued doing additional investigations of logging and activity from that user and their systems around that proximity to confirm that there was no further suspicious activity.

View full review »

We use Red Canary to monitor incoming and outgoing traffic. For example, when we receive an alert that data from our internal IP address to an external IP address has been transferred, we investigate using a Palo Alto firewall. View full review »

My company uses Red Canary MDR to simulate MITRE ATT&CK, like spearphishing and updating domain names.

View full review »

We use the solution's MDR service to monitor our Microsoft 365 environment, including Defender Endpoint.

View full review »

We started using Red Canary MDR because we had malware issues within our company.

View full review »

We use Red Canary MDR for threat protection.

View full review »