Denver, CO-based managed detection and response (MDR) firm Red Canary has raised $34 million in growth equity funding.
The funding round was led by equity growth investor Summit Partners and joined by existing investors Access Venture Partners and Noro-Moseley Partners. This brings the total funding raised by the firm to $48.9 million.
MDR aims to increase the speed of detection and response, consequently reducing the dwell time and the opportunity for bad actors to complete their purpose. To achieve this, the Red Canary platform ingests over 500 terabytes of telemetry per day for analysis by its own behavioral analytics technology and in-house team of analysts.
Founded in 2014 by Brian Beyer, Chris Rothe, and Keith McCammon, Red Canary has hundreds of customers ranging from Fortune 100 to 100-employee firms. “We are in the golden age of data in security,” comments CEO Beyer. “Security teams have more telemetry, tools, and budget than ever before but unfortunately, in many cases, this has not resulted in a meaningful improvement in security outcomes. We serve as a security ally for our customers, helping their teams get the most out of modern security technology, protect their valuable data and remain focused on the performance of their own business.”
To help automate the response side of MDR, the firm launched Exec in September 2018. This is especially useful for smaller firms with smaller security teams. It allows the easy generation of playbooks to automate immediate response to different alerts. For example, if malware is detected during the night dropping Mimikatz, much of the immediate risk can be mitigated automatically: the endpoint can be isolated, the malicious software can be banned, the on-call engineer can be contacted via phone, and the broader team could be informed via Slack.
Andy Collins, a Managing Director at Summit Partners who has joined Red Canary’s Board of Directors, points to the firm’s year-on-year ARR growth of more than 100%. “Across the security landscape, there is increased acknowledgement that a ‘status quo’ approach is inadequate,” he said. “Attackers bypass even the best security technology solutions on a daily basis. We believe Red Canary’s software-driven model delivers a uniquely high-quality, continuously improving service.” The new funding is earmarked for expanding Red Canary’s marketing reach to new customers.
Version 2 of Exec was launched in January 2019, with new features including support for forensics package collection, audit logging, and human as well as automated playbook control.
Last month, Red Canary analyzed 10,000 confirmed threats from hundreds of its customers. It concluded that PowerShell, scripting, Regsvr32, connection proxy, spearphishing attachments and masquerading are the most prevalent techniques, as described in MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
The firm maintains a relationship with MITRE ATT&CK by supporting the Atomic Red Team library of open source ‘micro tests’ mapped to the ATT&CK malicious techniques framework. The purpose is to allow security teams to test their defenses — without reliance on third-party testing organizations — against a wide range of different attacks.