24x7 Endpoint Detection and Response
Intelligent Endpoint detection and response: Maximum confidence in data security
Imagine being able to detect and respond swiftly to credible threats on your servers, laptops, and workstations backed by the world leaders in cyber investigations and continuous threat hunting and response solutions. Kroll Responder, in an exclusive partnership with Red Canary, gives you that confidence, relieving the burden and impact of cyber threat detection and mitigation on your organization.
Kroll Responder + Red Canary is a powerful combination of technology and people:
- 24x7 monitoring and analysis of endpoints, users, and network activity enhanced with the algorithm- and analyst-driven threat hunting and detection services of Red Canary
- Kroll experts to investigate alerts and assist with any identified threats
Kroll Responder + Red Canary gives you the best of both worlds: Expanded, specialized detection and response capabilities that let your internal information security resources focus on supporting your business.
Managed Detection and Response Delivers Peace of Mind
Responder + Red Canary continuously searches for known bad and unusual behaviors, monitoring essentially all endpoint activity:
- All execution events (programs being run, command lines used)
- Metadata modifications (on registry and file system)
- Network connections (connections to the internet and cloud connections)
- Every single unique binary executed across the environment
Our forensic experts – with decades of incident response experience – have seen organizations of all sizes continue to deploy the same automated defenses over and over. The problem? They keep finding themselves breached – often for months or years without detecting it (“dwell time”).
On average, hackers go undetected on financial services networks for more than three months; for retail companies, the dwell time is more than six months. “Attackers Dodge Detection On Retailers’ Networks For Average Of 197 Days: Study.” Securityweek.com. N.p., 2016. Web.
Even larger organizations, with full-time security staff and traditional managed security providers, become so fatigued with daily alert reviews and false positives that they can miss real signs of an intrusion until the damage is done. Plus, internal security teams usually don’t see enough real intrusions to fully recognize dangerous signs and symptoms.
Endpoint Monitoring Enhanced by Behavioral and Forensic Analysis
All collected data is constantly fed through Red Canary’s detection engine in search of malicious or suspicious behavior. Potential threats are then sent to analysts for triage and further analysis.
The detection engine contains multiple threat intelligence sources and IOCs, including Kroll’s learnings from real-world intrusions. Confirmed threats are rated with a severity, classified, and include a timeline of relevant activity. This allows Kroll’s incident responders to immediately begin analysis and remediation for you.
Merging EDR Security and Incident Response
Hunt and Detect
- Red Canary managed endpoint threat detection
Behavioral analysis and analytics engine
Multiple threat intelligence sources and IOC’s, including Kroll’s learnings from real-world intrusions
Analyst-driven threat hunting and identification of threats
24x7 expert triage and analysis of potential threats
Rapid notification of validated threats
24x7 portal access with metrics, reports, and available remediation actions (e.g., block, delete, isolate, ignore)
Threat Alerts are shared with the Kroll team
Optionally, Kroll team can take active steps to block and contain a threat on your behalf (“Active Response”)
Direct Access to Kroll’s Global Cyber Team Expertise
Many of the cyber experts readily available to investigate Responder threat alerts have years of unique experience from their former service with global law enforcement and regulatory agencies:
Federal Bureau of Investigation (FBI)
- U.S. Department of Justice (DOJ)
- Securities & Exchange Commission (SEC)
- U.K. Intelligence and Policing
- Hong Kong Police Force
- U.S. Department of Homeland Security
- U.S. Secret Service
- U.S. Attorney’s Office
Award-winning Cyber Excellence
Kroll works on more than 2,000 cyber incidents every year, with clients including over 70% of the Fortune 100 and 91% of the AMLaw100. Our experts handle some of the most complex and highest profile matters in the world, and our cyber risk management excellence has been recognized with several prestigious third-party awards, some of which include:
- Global Cyber Security Pacesetter, ALM Intelligence Pacesetter Research: Cybersecurity Services 2020
- Best Cyber Security Provider, 2018-2019 National Law Journal Readers Choice
- Best of 2018 Hall of Fame, National Law Journal
- Best Data Security Provider, 2018 National Law Journal Readers Choice
- Best Global Risk & Investigations Consultant, 2018 National Law Journal Readers Choice
- “Leader” in Customer Data Breach Notification and Response Services - The Forrester Wave™ Q4 2017 Report
- In fact, the report declares Kroll “is capable of being a one-stop shop for multiple services relating to breach response, from forensic investigations to support for clients in litigation issues.”
Global, end-to-end cyber risk solutions.
Incident Response and Litigation Support
Elite investigators provide rapid, expert responses to support any cyber incident or litigation.
System Assessments and Testing
Solutions to identify, evaluate and prioritize risks to people, data, operations and technology.
Notification, Call Centers and Monitoring
Global breach notification expertise to efficiently manage regulatory and reputational needs.
Cyber Risk Retainers
Secure a true cyber risk retainer with elite digital forensics and incident response capabilities.
Incident Response Tabletop Exercises
Field-proven incident response tabletop exercise scenarios customized by cyber risk experts.
24x7 Incident Response
Compliant notifications, reputation-saving remediation, and litigation support.
Lessons from the Incident Response Trenches – Investigating and Eradicating Kwampirs
Kroll Contains, Remediates SWIFT System Cyber Fraud for Middle Eastern Bank
Point-of-Sale (POS) Compromise and MID Refund Frauds – The Monitor, Issue 5
Kroll Recognized Among Top Managed Security Service Providers Worldwide by MSSP Alert
Kroll Expands Cyber Risk Practice in Japan with Hire of Alex Shim
Andrew Beckett Discusses the Rise in Cyber Threats and Scams During COVID-19
Jonathan Fairtlough Discusses Increase in Breach Investigations with National Real Estate Investor Online