Red Canary Pros and Cons

Red Canary is very focused on writing detections and applying them to the telemetry from your environment. They are less concerned about alerts that pop-up from the rest of your detection stack. The other alerts are in the RC portal for context and can be acted upon, mostly by the customer.

For EDR the integration is pretty straightforward through API.

Their customer support is pretty good and personal. Review collected by and hosted on G2.com.

Red Canary seems very focused on cybercrime and commodity threats, perhaps a bit less on the APT and state-sponsored attackers. This may or may not fit your organization's risk profile.

We have also had issues with roadmap promises and new integrations, where time estimates seems to have been overly optimistic in the beginning. Review collected by and hosted on G2.com.

Incorporating Red Canary into our environment has been great. As a Linux admin, when a company says their product "works on Linux" I usually take it with a grain of salt. That is not the case with Red Canary. Red Canary was easy to implement including adding automations. Now that it's installed in our environment it just does its thing which frees us up to focus on supporting our clients. With previous solutions we'd spend hours investigating findings just to find out that most were false positives. Getting that time back has made our team much more efficient. Review collected by and hosted on G2.com.

So far we have not had any issues using Red Canary. The only thing that could be considered an issue is that one of our admins runs Red Canary on his laptop. Since his laptop is regularly offline it constantly shows up in the daily status email. Being able to mark a system as not a server and not include it in the uncommunicative servers list would be nice. Review collected by and hosted on G2.com.

Red Canary first and foremost has reduced the amount of noise we were getting from our various log sources in our SIEM. Set up relatively seamless. Every staff member at Red Canary we have worked with has been a pleasure to work with and has been transparent. I am in the console every day looking at threats, alert, and other data being collected. Red Canary has fit well within our team workflows. Review collected by and hosted on G2.com.

I wish the integrations beyond Crowdstrike were a bit more robust and greater in number. Red Canary is perhaps too reliant on Crowstrike and less on our other sources which are important (Cloud, Identity Email, etc.). We also find that Red Canary detections could be more proactive. Review collected by and hosted on G2.com.

The threat hunting team does a great job ensuring they are on top of emerging threats in our environment. I appreciate that Red Canary is EDR agnostic using that to all of their customers' advantage by ingesting data from all of the big EDR players. On boarding was super simple - just allowing a few requests into our Azure tenant and we were up and running. Review collected by and hosted on G2.com.

We have found a few bugs with the GUI and API integration, but support is quick to get request escalated to development. APIs seem to be an ever changing beast at this point and I am glad Red Canary seems to be able to keep up with all of the changes forced by other vendors. Review collected by and hosted on G2.com.

Red Canary has provided our team with a quite a few features that has helped our small team focus on larger adminstration activities needing attention. The implementation and easy integration to our existing applications saved tremendous time in getting things up and running without delay helping the team immediately. As a tool we use and reference daily this was critical and any issue we have come across the support of their team has been nothing short of top tier. I cannot recommend Red Canary enough. Review collected by and hosted on G2.com.

I dont have much to say in regards to what we dislike about the Red Canary product. If i had to pick something it would be id like to see more integrations available but those are always being added. Any issue we have ever had has been quickly addressed by their team. Review collected by and hosted on G2.com.

The Threat Hunting Team is excellent. Of the times I've reached out to them, they responded quickly and they provided good information and insight. I appreciate their recommendations and look for opportunities to reach out to them when we need assistance. The Technical Support Team is also excellent. They know their stuff and go the extra mile to provide essential information. I work with a lot of support teams and I am thankful for how well the RC team functions. That is rare in my experience. I never regret opening tickets for assistance. Review collected by and hosted on G2.com.

There have been several instances where we expected RC to identify an issue and no alert was surfaced. Because of this, senior leadership feels, at times, that RC isn't the right partner for us. I think this is due to differences in methodology. RC has a set process, however in certain environments we have activity that for us would be considered unusual and requires follow up, but for RC it's not something that the team will alert on. I also think, that at times we looking for evidence that detections are functioning as described but this can be difficult to come by. Also, I think on the account rep side, there is a lack of training, such that when asked for clarification from our rep, those requests are either insufficiently responded to or outright ignored. It's my job as manager to ask questions and provide explanations to our leadership when there is an issue, I feel unsupported from the RC team in this fashion. I think the RC portal could be more useful. I know it's being improved but 2 years in, I still struggle to get useful information when I need it. Review collected by and hosted on G2.com.

As a Red Canary customer for five years now, I've consistently been impressed by the service and level of support. We're fortunate to rarely receive alerts (which is a testament to accurate threat identification); however, when we do, our trust in Red Canary's analysis drives my team to act quickly to review and resolve. I appreciate the company being customer-focused which is demonstrated through regular engagement and their continous innovation to stay competitive. Review collected by and hosted on G2.com.

I've found Red Canary's support to be extremely proactive (e.g. alerting when an integration fails), responsive (e.g. promptly responding to cases), and dedicated (e.g. working to find additional information); however, it's occasionally difficult having the right SMEs available to answer technical questions. This was mostly an issue with complexities surrounding our Azure integration. Review collected by and hosted on G2.com.

Red Canary is a breeze to set up! With help from the onboarding team, my team was able to configure our environment within a day. Immediately after setup, we could start monitoring through the pre-built integrations with most of our cybersecurity pain points. Review collected by and hosted on G2.com.

We have not yet found anything negative to report. Review collected by and hosted on G2.com.

Red Canary has been a game-changer for us. Their active Threat Hunting is amazing. They incorporate AI into the Cyber threat detection and it has reduced the false positives. We are very pleased with their MDR services and how they handle our Cyber posture. They onboarding process was quick and painless. They had us up and running in less than a month. Review collected by and hosted on G2.com.

We have only used Red Canary for a short period of time but I do not have any negatives to report on them. Review collected by and hosted on G2.com.

I appreciate Red Canary's proactive approach to cybersecurity, their excellent customer support, and the comprehensive threat detection and response capabilities they offer. Review collected by and hosted on G2.com.

There is currently nothing that I dislike about Red Canary at the current moment. Review collected by and hosted on G2.com.