Red Canary Reviews

My main use case for Red Canary is to ensure I can sleep at night by getting 24/7 coverage by a capable team to investigate any alerts for the systems that we have in place to ensure we don't have any security or suspicious activity.

I can give you a specific example of a situation where Red Canary helped me out and made a difference: we've had more than a few instances where a user clicked on a phishing link, invoking connections to hostile sites. Through alerts in Defender, the Red Canary team identified, confirmed, and investigated the threat before they reset the user's credentials and contacted us to work with the user to resolve the situation.

I have at least one other instance where Red Canary investigated an alert and continued doing additional investigations of logging and activity from that user and their systems around that proximity to confirm that there was no further suspicious activity.

In my experience, the best features Red Canary offers are their team, their monitoring team, their expertise at incident investigation, and a focus on suspicious or actual indicators of compromise to ensure that we're not spending time just reviewing logs, but that we're actually looking at things that may indicate we have broader issues.

The Red Canary team's expertise stands out compared to others I've worked with because their team is organized into smaller pods that support a given number of clients, so they're not just a bevy of operators going around the clock. The teams themselves have coordination and cohesion, and they get to know us. Their integrations into the different platforms and systems that we use all line up with our needs, whereas a number of other platforms offered a different variety of integrations that did not line up with our requirements.

Red Canary has positively impacted my organization because I don't have to spend and hire resources to look at logs, which has enabled us to do much more in terms of improving security across the organization. With the freed-up resources, we've been able to implement CSPM, SAST, software testing tooling, and engage much more closely with our developers and engineers to focus on secure architecture and design.

Red Canary can be improved by continuing to add new features and capabilities to what they are looking at, including the types of data they're looking at and the types of systems that they're integrating with.

I have been using Red Canary for three and a half years.

Red Canary is stable.

Red Canary's scalability has been a non-issue for us; we've been able to connect and throw all of the data that we have access to over to their systems to parse, process, and monitor without issue. There have been no issues or challenges in scaling, so I have not noticed any pain points when trying to scale up.

Their customer support is excellent, with monthly calls with our CSA, who takes care of us.

I previously used a different solution called Blue something, but I cannot recall the exact name. I decided to switch from that solution to Red Canary because they were a managed SOC provider and they were not good; they were very cheap, with very poor service.

My experience with pricing, setup cost, and licensing is that everything went very smooth. Pricing was straightforward, and we were done with setup during our POC, not having any additional work or rework that we had to do when we moved to production.

I think that we have probably spent maybe 15% of the time that we were spending on incident investigation and system monitoring, demonstrating a return on investment.

Before choosing Red Canary, I evaluated other options, specifically Expel and Cydrus.

My advice for others looking into using Red Canary is that as long as your system integrations line up with their support, I think you'll be happy.

My main use case for Red Canary is that a Red Canary analyst monitors our logs, and if they see any abnormality, they create a ticket that we use to analyze the situation. We assign that ticket and analyze it to ensure we have all the details needed. We use other tools to investigate, but we mainly rely on the evidence from Red Canary, and we can also use the isolate feature from Red Canary. There are threat reports and agents, and in our environment, we have endpoints and identity as well.

A recent situation where I used Red Canary to analyze a ticket involved an employee from the US who logged in from the UK, a country he had never visited before. Red Canary's analyst assumed that account was compromised, but after analyzing using our other tools, it seemed the login was legitimate. The user confirmed he had traveled to the UK and used one of our company phones to log into the account to check emails, so the alert triggered was a true positive but a legitimate anomaly.

The best features Red Canary offers are that they monitor our logs and have their own use cases, providing us with these tickets. If we miss anything, we treat Red Canary as a secondary triggering tool, so we use it as a secondary detection tool.

The most valuable feature in my day-to-day work is that those logs are monitored by actual experienced analysts from Red Canary. Although we have tools from our end with use cases, those can miss some events and incidents, but since Red Canary uses active, live agents to monitor and detect these anomalies, we rely on that feature for our security operation center.

Red Canary has impacted my organization positively because we treat any ticket triggered by them as high priority due to the fact that 99 percent of the time it is a true positive. They can isolate machines, which is a feature I really appreciate because if something happens on a weekend when we are not available, they can isolate it and contain the situation.

I wish Red Canary could have a graph that shows the endpoint, user, and how it spreads, providing a visual representation to easily identify what happened.

I have been using Red Canary for one year.

I have not experienced any stability or reliability issues with Red Canary so far.

Red Canary's scalability is good in my experience, and we have not had any problems with scalability.

The customer support has been really good from what I have seen. If I need more details about any incident, there is a contact us option to reach an agent, or another agent can substitute if the previous one is not available, allowing us to get additional details and opinions.

I cannot speak to using a different solution before Red Canary because I started working here, and it has always been Red Canary.

I cannot speak to the process to purchase Red Canary with certainty because I am an end user. Perhaps our managers or directors have a better answer regarding the purchasing process, but I do not know those details.

I lack insight into pricing, setup cost, and licensing because I am an end user.

I believe we have seen a return on investment because we utilize Red Canary effectively. Any missed detection will definitely be triggered by Red Canary. I think it is a good investment since it provides accurate details.

I have no idea if my organization evaluated other options before choosing Red Canary, as that was perhaps another person's or another team's decision. Our role is to utilize this application without involvement in purchasing or decision-making.

We use Red Canary as a secondary monitoring service so if our main tools miss any detection, Red Canary will detect it. We critically treat any alert from Red Canary as a high-priority ticket because it is most probably a true positive, but it can also be a legitimate anomaly, so we will treat it as a priority one case.

Red Canary serves as a secondary triggering tool, and we do not really use any kind of SLA or anything. They monitor and create threat tickets they believe are threats, and we use it as a secondary monitoring tool.

My advice to others looking into using Red Canary is to consider it as a good secondary detection tool, and they have good customer support. I would rate this product an 8 out of 10.

Positive

My company uses Red Canary MDR to simulate MITRE ATT&CK, like spearphishing and updating domain names.

The most valuable feature of the solution is its automation part. If we have to perform MITRE ATT&CK, we have to do it step by step, wherein we have to run all the commands, while Red Canary MDR automates everything. We must run a single command, and Red Canary MDR will do everything on our behalf.

Red Canary MDR generates a lot of output, so it would be good if, in the end, it generates a summary of all the previous attacks and what was the outcome of a single attack, especially so that it becomes easy for the user to see the summary and analyze the whole thing. In general, the solution currently fails to provide a summary to its users.

I have experience with Red Canary MDR for one of my projects for around two months. I am a user of the solution.

It is a stable solution.

Scalability-wise, it's actually a good product.

In my company, a group of four people uses the solution.

The initial setup of Red Canary MDR was very easy since we just had to run some simple commands.

The solution is deployed on-premises.

The deployment process takes five to ten minutes.

Red Canary MDR I use is an open-source tool.

My company chose Red Canary MDR over other solutions for its automation features.

I recommend Red Canary MDR to others because it is a good product.

If I had to do one of the projects in my company without Red Canary MDR, it would have taken me a lot of time to complete it.

I rate the overall solution a nine out of ten.

We use the solution's MDR service to monitor our Microsoft 365 environment, including Defender Endpoint.

Red Canary MDR has sped up our ability to receive alerts when there is a security event.

The first valuable feature for me is the speed of response. It provides near real-time alert reviews. And then the near real-time review translates into near real-time action. So, in addition to alerting, Red Canary MDR has response playbooks built out. 

So we're able to offload some of the immediate response actions. So if an endpoint is compromised, their response isolates that endpoint before it can do more harm.

The price could always be better. 

In future releases, I would like to see more firewall integration options for alerting.

I have been using Red Canary MDR for two months. It's a cloud service.

So far, the stability has been good. We haven't encountered any issues. It has only been two months, though, so we're not expecting problems within this relatively short time.

Scalability depends on the context. If we consider scalability across different clients, as our IT managed services provider, I would rate it excellent. We don't anticipate outgrowing them.

Customer service and support are excellent. 

Positive

The initial setup was quite straightforward. Their deployment team is extremely competent and worked with our security team to roll it out over a couple of weeks.

We have seen an ROI. We do have plans to increase the usage in the future. We're planning to start rolling it out to our customers.

The price could always be better, but we believe it's worth it. Transparently, it's a valuable security enhancement.

We have been very happy with everything, from the sales process to the implementation and deployment playbook. I'm highly content.

The best advice I can give is that Red Canary works best with a very Microsoft-centric cloud strategy. So if a business aligns with that, it's a good fit. If it's not Microsoft-centric, there might be other solutions that would fit better. That's my impression after the work we've done.

So far, we're pretty Microsoft-centric, so it's definitely the right fit for us.

Overall, I would rate it a nine out of ten because nothing is perfect. 

We started using Red Canary MDR because we had malware issues within our company.

The valuable features of this solution are it integrates well with different EDR software, such CrowdStrike, and Carbon Black, and the information it provides is helpful.

I would like there to be an on-premise version of this solution for our data centers because of the proliferation of online threats.

In an upcoming release, there could be support for other languages, such as Korean or Japanese.

I have been using this solution for approximately six months.

I did not have any problems with the stability of this solution.

We have our SOC and CERT incident response protocols to follow and when we have an issue or an outbreak, we can handle it on our own. I have not needed the help of technical support from the outside.

I have not compared Red Canary to other solutions to know if the price is high or low. However, I have found the price of this solution fair and reasonable, it cost approximately $100 per year, per device. If they could provide the solution for $50 per year, per device, it would be better.

I am satisfied with this solution and it is very competitive with other similar EDR or MDR solutions because it provides very impressive information about the root cause of the threat, such as malware.

I rate Red Canary MDR a nine out of ten.

We use Red Canary MDR for threat protection.

The solution works well for what we use it for and the support and protection are good.

The most valuable feature of Red Canary MDR is the overall threat protection it provides.

I have been using Red Canary MDR for approximately two years.

I rate the support from Red Canary MDR a nine out of ten.

Positive

The initial deployment of Red Canary MDR was simple and took a few days.

We have an agent on all the computers and Carbon Black feeds all the information to Red Canary MDR.

The vendor did most of the setup as it is a cloud service.

The solution could vary in price depending on how many endpoints a company has.

I rate the price of Red Canary MDR a five out of ten.

I rate Red Canary MDR a nine out of ten.