How Red Canary uses artificial intelligence and machine learning
    • 26 Jul 2024

    Red Canary has used Machine Learning and Artificial Intelligence for years in service of our vision of a world where organizations can focus on their mission without being distracted by a cyberattack. Red Canary uses these technologies to deliver world-class Managed Detection and Response capabilities. We call the systems and interfaces that leverage AI across Red Canary "Red Canary Copilot".

    1. Triage and Analysis Transparency

    Red Canary uses Generative AI to create Alert Summarization reports. These reports help customers understand what an alert means, offer recommendations on how to address it, and highlight the lines of inquiry (and often the actual data) that Red Canary used to investigate that alert. We want customers to know why certain events are marked as "not a threat" so that they can trust and understand the thoroughness of the Red Canary triage process.

    To generate these summaries, Red Canary uses a series of agents and retrieval-augmented generation (RAG) techniques to assemble a summary report that contains relevant contextual telemetry, insight into other similar alerts, and Red Canary expert analysis.

    2. Automated Investigation and Summarization

    Red Canary Copilot utilizes Generative AI agents to automatically investigate security events. These agents form an initial opinion, summarize the alert, and compile the findings before forwarding them to a human analyst for confirmation. For more information on Red Canary Copilot flow investigations, read our blog post Accelerating identity threat detection and response with GenAI.

    3. Investigation tools for Red Canary Analysts

    Behind the scenes, Red Canary security analysts, intelligence experts, and threat hunters comb through terabytes of security telemetry to detect, incriminate, prioritize, and investigate security events. Red Canary uses state-of-the-art technology to assist our team of experts. Some examples of the technologies we use include:

    • NLP

    • Decision Trees

    • Ranking models

    • Recurrent Neural Networks

    • Count frequency models

    • Word embeddings

    • Fuzzy matching algorithms

    • Data linkage statistical systems

    • Vector Search Engines

    • Clustering algorithms

    • Anomaly Detection algorithms

    • A priori analysis

    • Machine learning (supervised and unsupervised)

    4. Integration with Microsoft Security Copilot

    Red Canary has developed and published a plugin for Microsoft Security Copilot, allowing users to access Red Canary data directly from the Security Copilot interface. This integration facilitates seamless data access and enhances the overall user experience. To learn more, read our blog post Teaming with Microsoft Copilot for Security.
