24x7 Endpoint Detection and Response

Intelligent Endpoint detection and response: Maximum confidence in data security

Contact Us

CyberDetectER® SurfaceWeb

Imagine being able to detect and respond swiftly to credible threats on your servers, laptops, and workstations backed by the world leaders in cyber investigations and continuous threat hunting and response solutions. Kroll Responder, in an exclusive partnership with Red Canary, gives you that confidence, relieving the burden and impact of cyber threat detection and mitigation on your organization.

Kroll Responder + Red Canary is a powerful combination of technology and people:

  • 24x7 monitoring and analysis of endpoints, users, and network activity enhanced with the algorithm- and analyst-driven threat hunting and detection services of Red Canary
  • Kroll experts to investigate alerts and assist with any identified threats

Kroll Responder + Red Canary gives you the best of both worlds: Expanded, specialized detection and response capabilities that let your internal information security resources focus on supporting your business.


Managed Detection and Response Delivers Peace of Mind

Endpoint Detection Response

Responder + Red Canary continuously searches for known bad and unusual behaviors, monitoring essentially all endpoint activity:

  • All execution events (programs being run, command lines used)
  • Metadata modifications (on registry and file system)
  • Network connections (connections to the internet and cloud connections)
  • Every single unique binary executed across the environment

Our forensic experts – with decades of incident response experience – have seen organizations of all sizes continue to deploy the same automated defenses over and over. The problem? They keep finding themselves breached – often for months or years without detecting it (“dwell time”).

On average, hackers go undetected on financial services networks for more than three months; for retail companies, the dwell time is more than six months. “Attackers Dodge Detection On Retailers’ Networks For Average Of 197 Days: Study.” Securityweek.com. N.p., 2016. Web.

Even larger organizations, with full-time security staff and traditional managed security providers, become so fatigued with daily alert reviews and false positives that they can miss real signs of an intrusion until the damage is done. Plus, internal security teams usually don’t see enough real intrusions to fully recognize dangerous signs and symptoms.


Endpoint Monitoring Enhanced by Behavioral and Forensic Analysis

All collected data is constantly fed through Red Canary’s detection engine in search of malicious or suspicious behavior. Potential threats are then sent to analysts for triage and further analysis.

The detection engine contains multiple threat intelligence sources and IOCs, including Kroll’s learnings from real-world intrusions. Confirmed threats are rated with a severity, classified, and include a timeline of relevant activity. This allows Kroll’s incident responders to immediately begin analysis and remediation for you.

Endpoint detection 

Merging EDR Security and Incident Response

Hunt and Detect 

  • Red Canary managed endpoint threat detection
  • Behavioral analysis and analytics engine

  • Multiple threat intelligence sources and IOC’s, including Kroll’s learnings from real-world intrusions

  • Analyst-driven threat hunting and identification of threats

  • 24x7 expert triage and analysis of potential threats

  • Rapid notification of validated threats

  • 24x7 portal access with metrics, reports, and available remediation actions (e.g., block, delete, isolate, ignore)

  • Threat Alerts are shared with the Kroll team

  • Optionally, Kroll team can take active steps to block and contain a threat on your behalf (“Active Response”)

  • Kroll team stands ready to provide deeper forensic analysisincident response support, and containment advice (no additional engagement required)


Direct Access to Kroll’s Global Cyber Team Expertise

Many of the cyber experts readily available to investigate Responder threat alerts have years of unique experience from their former service with global law enforcement and regulatory agencies:

Federal Bureau of Investigation (FBI)

  • Interpol
  • U.S. Department of Justice (DOJ)
  • Securities & Exchange Commission (SEC)
  • U.K. Intelligence and Policing
  • Europol
  • Hong Kong Police Force
  • U.S. Department of Homeland Security
  • U.S. Secret Service
  • U.S. Attorney’s Office
Related Team

Connect With Us

Marc Brawner
Marc Brawner
Global Head of Managed Services
Cyber Risk
Scott Hanson
Scott Hanson
Associate Managing Director & Head of Global Security Operations
Cyber Risk
Steve Scarince
Steve Scarince
Associate Managing Director
Cyber Risk
Los Angeles

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

M&A advisory, restructuring and insolvency, debt advisory, strategic alternatives, transaction diligence and independent financial opinions.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


Q4 2021 Threat Landscape: Software Exploits Abound

Feb 16, 2022

by Keith WojcieszekLaurie Iacono George Glass

The Monitor

VPN Vulnerabilities Tied to Rising Data Exposure, Ransomware – The Monitor, Issue 13

May 07, 2020

by Nicole Sette Laurie Iocono

The Monitor

New Ransomware Reality Involves Data Exfiltration, Could Lead to Regulatory Issues – The Monitor, Issue 11

Feb 13, 2020

by Benedetto DemonteNicole SetteMichael Quinn

Threat Intelligence

CVE-2020-1472 (Zerologon) Exploit Detection Cheat Sheet

Oct 22, 2020

by Carlos Garcia, Simone Marinari, Roman Guillermo


Kroll Wins Best Managed Security Service for Kroll Responder at SC Awards Europe 2022

Jul 01, 2022


Kroll Partners with Armis to Extend Preparedness and Response for OT and ICS Environments

May 09, 2022


Kroll Named a Cyber Security Services Pacesetter by ALM Intelligence

Oct 28, 2020


Kroll Expands Cyber Risk Practice with Hire of Christopher Ballod

Sep 10, 2020

Return to top