Archive for Red Canary

Red Canary Threat Report uncovers 4x increase in identity attacks

Posted in Commentary with tags on March 18, 2025 by itnerd

Red Canary today unveiled its seventh annual Threat Detection Report, examining the trends, cyber threats, and adversary techniques that organizations should prioritize in the coming months and years. The report tracks the MITRE ATT&CK® techniques that adversaries abuse most frequently, and this year noted four times as many identity attacks compared to the 2024 edition. After debuting in the top 10 in 2024, cloud-native and identity-enabled techniques surged in this year’s report, with Cloud Accounts, Email Forwarding Rule, and Email Hiding Rules ranking among the top five.

Research highlights major shifts in the threat landscape

The data that powers Red Canary and this report is not a set of mere software signals—it is the result of hundreds of thousands of investigations across millions of protected systems and identities. None of the threats Red Canary detected in 2024 was prevented by the customers’ expansive security controls; they were caught because of the breadth and depth of visibility that Red Canary uses to detect threats that would otherwise go undetected.

Red Canary’s 2025 report provides in-depth analysis of nearly 93,000 threats detected within more than 308 petabytes of security telemetry from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. The total number of threats detected increased by more than a third compared to 2024’s report as a result of not only more customers, but also Red Canary’s expanded visibility into cloud and identity infrastructure. 

The analysis shows that while the threat landscape continues to shift and evolve, adversaries’ motivations do not. The tools and techniques they deploy remain consistent, with some notable exceptions. Key findings include:

  • Click, paste, compromised – One of the most successful new initial access techniques observed this year was paste and run, also known as “ClickFix” and “fakeCAPTCHA.” In this attack, adversaries socially engineer users into executing malicious scripts under the pretense that doing so will fix something, like providing access to a video or document.
  • VPN abuse is rampant and difficult to detect – Adversaries constantly use virtual private networks (VPNs) to conceal their location and bypass network controls, but employees also rely on them for legitimate activity. Strikingly, organizations in the educational services sector accounted for 63 percent of all VPN use – a disproportionately high share given their smaller presence in Red Canary’s data. This suggests that environments in this sector are a potential hotspot for VPN-related security risks.
  • RMM exploitation is on the rise – The use of remote monitoring and management (RMM) tools for command and control and lateral movement is growing, enabling adversaries to drop malicious payloads including ransomware. This year, Red Canary saw malicious use of NetSupport Manager break its yearly top 10, highlighting the popularity of RMM tools amongst adversaries.
  • The not-so-helpful IT desk – Phishing remains prevalent in many forms. Email, QR code (aka “quishing”), SMS, and voice phishing attacks all increased in 2024. Often adversaries posed as IT personnel, asking victims to download malicious or remote control software. In 2024, Black Basta paired email bombing with social engineering, posing as IT personnel “helping” with the issue to gain access and install RMM tools.

The rise of LLMJacking to attack cloud infrastructure

While cloud attacks rose overall in 2024, the techniques adversaries abused have largely remained the same as in past years. However, adversaries have shifted more of their efforts to attacking and compromising cloud infrastructure and platforms:

  • Red Canary observed adversaries attempting to impair defenses inside cloud environments by disabling or modifying firewall rules and logging. Gaining access through compromised cloud accounts or valid credentials, adversaries elevate their privileges by granting the identity additional roles. 
  • With the rise of LLM usage, cloud services such as AWS Bedrock, Azure OpenAI, and GCP Vertex AI have become prime targets for adversaries in an attack known as “LLMJacking.” Adversaries have reportedly sold access to these hijacked models as part of their own SaaS “business” and passed all LLM usage costs to the victim.

Info-stealing malware is the ultimate identity threat

In 2024, stealer malware infections were on the rise across Windows and macOS platforms. Adversaries use stealers to gather identity information and other data at scale. In 2024 there were some interesting variations in the use of infostealers, including:

  • LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service (MaaS) model and selling for anywhere from $250 per month to a one-time payment of $20,000. Its growing popularity and expanded scope make it a major threat, exposing user credentials and enabling adversaries to gain initial access to organizations using legitimate accounts.
  • Adversaries commonly use LummaC2 to deliver NetSupport Manager, Red Canary’s seventh most detected threat in 2024 – giving them a gateway to deploy other malicious payloads as a follow-up to their initial attack.

Mac malware ran rampant

In 2024, macOS experienced the same phenomenon that Windows did: an exponential increase in stealer malware.

  • Red Canary detected 400 percent more macOS threats in 2024 than in 2023, including an exponential increase in malware driven by Atomic, Poseidon, Banshee, and Cuckoo stealers. Atomic Stealer was the most prevalent, appearing on Red Canary’s monthly top 10 threat rankings five times.
  • In September 2024, detections dropped off sharply after Apple remediated a popular Gatekeeper bypass technique abused by numerous malware families. 95 percent of stealer infections happened before September and just five percent occurred after, highlighting the dramatic and immediate impact that patching can have.

Recommended actions:

  • Limit unsanctioned VPN usage. Tighter acceptable-use policies for VPNs make VPN activity rare, so when it does appear it becomes a potential signal of suspicious logins and other malicious activity.
  • Manage your centralized identity management solution. A central identity solution isn’t an excuse to kick back. Centralized identity solutions make organizations more secure, but they’re also a priority target for adversaries. Organizations should pay special attention to the evolving threat landscape and be careful to manage their identity infrastructure as safely and securely as possible.
  • Mitigate risk by making patching a top priority. It remains one of the best ways to protect yourself from risk. Unpatched vulnerabilities are one of the most common entry points for adversaries, making timely updates critical to reducing exposure.
  • Balance accessibility to cloud systems with protection. Verify that permissions and configurations are correctly set, and stay informed on how your organization uses cloud infrastructure. Distinguishing between legitimate and suspicious activity requires a deep understanding of what’s normal in your environment.
  • Assess and test your defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt. 

About the Threat Detection Report

The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, insight into how security teams can use this visibility to develop detection coverage, and a great deal more actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

None of the nearly 93,000 threats Red Canary detected in 2024 was prevented by the customers’ expansive security controls. They were caught because of the breadth and depth of visibility that Red Canary uses to detect threats that would otherwise go undetected.

Red Canary Expands Its Security Data Lake, Allowing IT and Security Teams to Meet Compliance and Audit Requirements While Significantly Reducing Costs

Posted in Commentary with tags on March 4, 2025 by itnerd

Red Canary has announced new capabilities for Red Canary Security Data Lake, a service that enables IT and security teams to efficiently store, search, and access large volumes of infrequently accessed logs—such as firewall, DNS, and SASE data—without overspending on legacy SIEMs.

Security teams struggle to balance data retention costs with ensuring they have the relevant logs available when needed for threat investigations and response. In fact, new research surveying 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide in February 2025, found that:

  • Just 35% of data stored in legacy SIEMs delivers tangible value for threat detection.
  • Only 13% of organizations separate out low value data for cheaper storage in a raw data repository. 
  • Due to SIEM storage costs, 68% of IT security decision makers discard low value data and have to hope they won’t regret it.
  • 84% of IT security decision makers say having a security data lake to store low value logs at reduced costs would maximize the value of their SIEM spend.
  • 62% of IT security decision makers say they are fed up with pouring money down the drain storing useless data just to tick a box for compliance.

Red Canary’s new Security Data Lake capabilities help organizations tackle these issues head on. Whether organizations are looking to complement an existing SIEM investment by storing lower-value data more efficiently or need a standalone solution for managing security logs without a SIEM, Red Canary’s Security Data Lake delivers flexibility, cost savings, and seamless access to critical data when it matters most.

What’s new:

Ingest logs from any source

  • Retain high-volume, infrequently accessed logs, such as firewall, DNS, and SASE data.
  • Store raw, line-delimited data (e.g., JSON strings, Syslog messages) that can be written to an Amazon S3 bucket or a Syslog collector.

Demonstrate compliance in highly regulated industries, such as financial services and healthcare

  • Store logs indefinitely to meet retention requirements.
  • Export logs on demand to compile audit reports when needed.

Ensure data availability for threat investigations

  • Use SQL search to run ad-hoc queries during incident investigations.
  • Search data by attributes such as hostnames, IPs, URLs, and date/time ranges.
  • Perform basic statistical analysis to enhance detection workflows.

Methodology:

Research based on a survey of 300 IT security decision makers in the U.S. (200) and UK (100) in enterprises with over 1,000 employees. It was commissioned by Red Canary and conducted by Censuswide in February 2025.

Red Canary Posts Analysis On “Tangerine Turkey” Worm

Posted in Commentary with tags on January 30, 2025 by itnerd

Tangerine Turkey is a new VBS worm spread via USBs with a cryptomining payload. Tangerine Turkey first appeared in November, but infections rose sharply last month to launch it into Red Canary’s top 10 threats at #8. More interestingly though, when Red Canary’s analysts started digging, they discovered the new worm appears to be connected to a much bigger global cryptomining operation, which has so far largely gone under the radar.

There is more background in the blog here – which is being updated later today with new information about GitHub repositories that Red Canary’s analysts discovered were being used to store configuration files for Tangerine Turkey.

Stef Rand, Senior Intelligence Analyst at Red Canary, who is leading the investigation, had this comment:

“External USB drives delivering malicious payloads–like worms and cryptominers–are still a surprisingly common problem in information security. What’s interesting here is that what initially looked like a new cryptomining worm bears strong similarity to a larger global operation uncovered by Azerbaijan’s CERT in October 2024. That investigation has so far traced 270,000 infections across 135 countries, attributed to what the Azerbaijan CERT has dubbed the “Universal Mining Operation”. That suggests that Tangerine Turkey could be much more widespread than we first thought.

“When we started digging into Tangerine Turkey, we found a report from February last year from someone who used their USB to make copies in a print shop in Turkey. When they put it back into their own machine, they detected activity that looked similar to Tangerine Turkey. This indicates a strong possibility the operation could be linked to physical shops or internet cafes where adversaries can take advantage of unsuspecting users plugging USBs into and out of public machines. While that’s a slower and lower-volume way of distributing malware than a phishing campaign, it makes it self-distributing and more difficult to trace – which makes it lower risk from the adversary’s perspective.

“Cryptomining can consume significant amounts of CPU, so those infected by Tangerine Turkey could see the performance of their systems impacted, as well as their costs increasing. The biggest risk they face, however, is the unauthorized access that adversaries gain to their endpoints. While the payload we’re seeing for now is for cryptomining, adversaries could theoretically switch it for something more nefarious in the future when Tangerine Turkey reaches out to retrieve code from remote resources.”

I would take the time to read this blog post as the fact that this uses USB drives to spread should underscore that some of the best ways to protect yourself from threats are often pretty simple. Such as not trusting USB drives that aren’t under your control. And perhaps not trusting the ones that are.

Red Canary Delivers Record Q3 Results

Posted in Commentary with tags on December 12, 2024 by itnerd

Red Canary, a leader in managed detection and response (MDR), announced strong Q3 FY25 results, achieving positive operating margins for the first time in company history. These results were buoyed by strength in the enterprise customer segment, with the most recent quarter exceeding 50% growth year-over-year. As identity and cloud threats continue to rise, organizations in nearly every industry are turning to Red Canary for its world class detection and response capabilities across endpoint, identity, and cloud attack surfaces.

With advanced detection engineering, threat intelligence, threat hunting, and world-class support baked into the platform, Red Canary helps customers improve their security posture from day one, providing immediate time to value. Over the last year, growth has been driven by large organizations realizing the value of Red Canary’s expertise in detecting and responding to emerging threats across all domains with high quality, accuracy, and at an incredible scale.

Product innovations in Q3 FY25:

  • Continued to accelerate threat investigations and response times with GenAI agent flows, realizing over 60% faster mean time to investigate and enabling customers to address threats more swiftly and effectively with Red Canary flow investigations.
  • Cost-efficient storage that strengthens security posture with the release of Security Data Lake, delivering long-term log retention, search, and MDR enhancement capabilities. 
  • Expanded endpoint integrations with Trend Micro Vision One integration, providing customers an EDR solution with extensive telemetry, a comprehensive detection analytics library, automated remediation actions, and advanced threat hunting.
  • Delivered powerful AI-driven security operations with Managed XSIAM, making Red Canary analytics and expert help available inside of Palo Alto Networks Cortex XSIAM with a new managed service—now in early access.

Key company milestones in Q3 FY25:

  • Achieved record-breaking third quarter, the best Q3 in the company’s history for new business bookings.
  • Appointed Todd Chronert as Chief Revenue Officer, a proven cybersecurity leader with nearly 20 years of experience, to drive global sales, business development, and partnerships while accelerating growth and strengthening Red Canary’s leadership in MDR.
  • Published a major midyear update to the 2024 Threat Detection Report, offering a comprehensive summary and analysis on the top trending threats and techniques in the first half of 2024 to help provide timely insights for organizations to stay ahead of emerging threats.
  • Released the latest monthly threat intelligence research, highlighting that browser-related threats, including ChromeLoader and SocGholish, continue to have an impact and rank among the top 10 threats.
  • Earned customer recognition with five badges in G2’s Fall 2024 report, including Fastest Implementation in MDR.

Red Canary Report Highlights Need For Channel To Defend Customers Against ‘Unprecedented’ Spike In Cloud Account Compromises

Posted in Commentary with tags on April 24, 2024 by itnerd

Red Canary recently unveiled its sixth annual Threat Detection Report, examining the trends, threats, and adversary techniques impacting organizations – a useful guide for channel partners supporting customers with their security strategies in the year ahead. The report tracks MITRE ATT&CK® techniques that adversaries abuse most frequently throughout the year, with two new and notable entries soaring to the top 10 in 2023: Email Forwarding Rule and Cloud Accounts.

Red Canary’s latest report provides in-depth analysis of nearly 60,000 threats detected with more than 216 petabytes of telemetry collected from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications in 2023. The research shows that while the threat landscape continues to shift and evolve, attackers’ motivations do not. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions.

Key findings include:

  • Cloud Accounts was the fourth most prevalent MITRE ATT&CK technique Red Canary detected in 2023, rising from 46th in 2022, increasing 16x in detection volume and affecting three times as many customers in 2023 than in 2022.
  • Detections for malicious email forwarding rules rose by nearly 600 percent, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal’s account.
  • Half of the threats in top 10 leveraged malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors.
  • Half of the top threats are ransomware precursors that could lead to a ransomware infection if left unchecked, with ransomware continuing to have a major impact on businesses.
  • Despite a wave of new software vulnerabilities, humans remained the primary vulnerability that adversaries took advantage of in 2023, compromising identities to access cloud service APIs, execute payroll fraud with email forwarding rules, launch ransomware attacks, and more.
  • Adversaries use the same 10-20 ATT&CK techniques against organizations, regardless of the victim’s sector or industry – yet notable exceptions occur where attackers target certain systems and workflows that are common in specific industries. 

Red Canary noted several broader trends impacting the threat landscape that cybersecurity solution providers, managed security service providers (MSSPs), and incident response partners will need to help customers navigate and respond to. These include the emergence of generative AI, the continued prominence of remote monitoring and management (RMM) tool abuse, the prevalence of web-based payload delivery like SEO poisoning and malvertising, the increasing use of multi-factor authentication (MFA) evasion techniques and the dominance of brazen but highly effective social engineering schemes such as help desk phishing. These trends should be of particular concern for channel partners that deliver or rely on these solutions to support their customers.

Recommended actions:

  • Validate customers’ defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend my customers against each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt.
  • Patching vulnerabilities is key. It remains tried and true as one of the best ways to insulate customers from risk.
  • Become a cloud expert. Ensure your customers’ permissions and configurations are properly set up, and that they have clear visibility into how everyone in their organization is using cloud infrastructure. The difference between suspicious and legitimate activity is nuanced in the cloud and requires a deep understanding of what is normal in each customer’s environment.
  • Apply to be a Red Canary Partner. Whether you provide technology products, security solutions, or cyber insurance and risk services, the Red Canary Partner Connect program ensures that you can help customers to navigate the threats they face and grow profitably.

About the Threat Detection Report

The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, how security teams can use this visibility to develop detection coverage, and a great deal more actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

None of the nearly 60,000 threats Red Canary detected in 2023 was prevented by the customers’ other expansive security controls. They were caught because of the breadth and depth of visibility that Red Canary uses to detect threats that would otherwise go undetected.

Red Canary Detects Spike in Cloud Account Compromises and Email Forwarding Rule Abuse

Posted in Commentary with tags on March 13, 2024 by itnerd

Red Canary today unveiled its sixth annual Threat Detection Report, examining the trends, threats, and adversary techniques that organizations ought to prioritize in the coming months and years. The report tracks MITRE ATT&CK techniques that adversaries abuse most frequently throughout the year, and two new and notable entries soared to the top 10 in 2023: Email Forwarding Rule and Cloud Accounts.

Red Canary’s latest report provides in-depth analysis of nearly 60,000 threats detected with the more than 216 petabytes of telemetry collected from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications in 2023. The report sets itself apart from other annual reports with its unique data and insights derived from a combination of expansive detection coverage and expert, human-led investigation and confirmation of threats. 

The research shows that while the threat landscape continues to shift and evolve, attackers’ motivations do not. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions. Key findings include: 

  • Cloud Accounts was the fourth most prevalent MITRE ATT&CK technique Red Canary detected in 2023, rising from 46th in 2022, increasing 16x in detection volume and affecting three times as many customers in 2023 than in 2022.
  • Detections for malicious email forwarding rules rose by nearly 600 percent, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal’s account.
  • Half of the threats in top 10 leveraged malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors.
  • Half of the top threats are ransomware precursors that could lead to a ransomware infection if left unchecked, with ransomware continuing to have a major impact on businesses. 
  • Despite a wave of new software vulnerabilities, humans remained the primary vulnerability that adversaries took advantage of in 2023, compromising identities to access cloud service APIs, execute payroll fraud with email forwarding rules, launch ransomware attacks, and more.
  • Uptick in macOS threats–in 2023 Red Canary detected more stealer activity in macOS environments than ever before, along with instances of reflective code loading and AppleScript abuse.
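The email forwarding rule and email hiding rule findings above (the same point appears in the April 2024 and March 2025 posts on this page) translate into a straightforward detection: flag inbox rules that forward mail outside the organization, or that move matching mail to folders users rarely read, and raise the severity when the rule's filter words point at payroll or wire transfers. The Python below is an added example, not Red Canary's code; it runs over constructed audit-log events whose field names, folder names and domains are assumptions made for this example.

```python
"""Flag inbox rules that forward mail outside the organization or hide it.

Added example, not Red Canary's detection logic. The events below are
constructed and loosely modelled on a mailbox audit log (an Operation name
plus a list of parameter name/value pairs); the field names, folder names
and the example.com domain are assumptions for this example.
"""
import re

# Folders the report describes as places "users are unlikely to look".
HIDING_FOLDERS = {"archive", "rss subscriptions", "rss feeds", "junk email",
                  "deleted items", "conversation history"}

# Rule parameters that send a copy of matching mail somewhere else.
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Filter words that suggest payroll or wire-transfer fraud is the goal.
FINANCE_WORDS = re.compile(
    r"\b(payroll|invoice|wire|direct deposit|bank|ach)\b", re.IGNORECASE)

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "SubjectOrBodyContainsWords", "Value": "payroll;direct deposit"},
         {"Name": "ForwardTo", "Value": "acct-review@mail-example.net"},
         {"Name": "MoveToFolder", "Value": "RSS Subscriptions"},
         {"Name": "MarkAsRead", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "FromAddressContainsWords", "Value": "newsletter"},
         {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "Set-InboxRule", "UserId": "carol@example.com",
     "Parameters": [
         {"Name": "Name", "Value": "Team"},
         {"Name": "ForwardTo", "Value": "dave@example.com;erin@sub.example.com"}]},
    {"Operation": "New-InboxRule", "UserId": "frank@example.com",
     "Parameters": [
         {"Name": "Name", "Value": "..."},
         {"Name": "SubjectContainsWords", "Value": "invoice;wire"},
         {"Name": "DeleteMessage", "Value": "True"}]},
]


def _params(event):
    """Collapse the parameter list into a name -> value dict."""
    return {p["Name"]: p["Value"] for p in event.get("Parameters", [])}


def _is_internal(address, internal_domains):
    """True when the address belongs to one of the organization's domains."""
    addr = address.strip().strip("<>")
    dom = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return any(dom == d or dom.endswith("." + d) for d in internal_domains)


def assess_rule(event, internal_domains):
    """Return (severity, reasons) for one inbox-rule event.

    severity is 0 (benign), 1 (suspicious) or 2 (high: also finance keywords).
    """
    if event.get("Operation") not in {"New-InboxRule", "Set-InboxRule"}:
        return 0, []
    params = _params(event)
    internal = {d.lower() for d in internal_domains}
    reasons = []

    # 1. Forwarding or redirecting to an address outside the organization.
    for name in FORWARD_PARAMS:
        for target in str(params.get(name, "")).split(";"):
            if target.strip() and not _is_internal(target, internal):
                reasons.append(f"{name} to external address {target.strip()}")

    # 2. Hiding: moving to a rarely read folder, deleting, or marking as read.
    if str(params.get("MoveToFolder", "")).lower() in HIDING_FOLDERS:
        reasons.append(f"moves matching mail to '{params['MoveToFolder']}'")
    if str(params.get("DeleteMessage", "")).lower() == "true":
        reasons.append("deletes matching mail")
    if str(params.get("MarkAsRead", "")).lower() == "true" and reasons:
        reasons.append("also marks matching mail as read")

    # 3. Filter words that point at payroll or wire-transfer fraud.
    filters = " ".join(str(params.get(k, "")) for k in (
        "SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords"))
    finance = bool(FINANCE_WORDS.search(filters))
    if finance and reasons:
        reasons.append("filter keywords reference payments")

    if not reasons:
        return 0, []
    return (2 if finance else 1), reasons


def scan(events, internal_domains):
    """Return one finding per suspicious rule, highest severity first."""
    findings = []
    for ev in events:
        severity, reasons = assess_rule(ev, internal_domains)
        if severity:
            findings.append({"user": ev.get("UserId"),
                             "rule": _params(ev).get("Name"),
                             "severity": severity, "reasons": reasons})
    return sorted(findings, key=lambda f: -f["severity"])


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, ["example.com"]):
        print(f["severity"], f["user"], repr(f["rule"]), "; ".join(f["reasons"]))
```

Rules named with a single dot or a few dots, as in the constructed samples, are a pattern worth its own alert in practice, since they are chosen to be overlooked in a rule list.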

Red Canary noted several broader trends impacting the threat landscape, such as the emergence of generative AI, the continued prominence of remote monitoring and management (RMM) tool abuse, the prevalence of web-based payload delivery like SEO poisoning and malvertising, the increasing necessity of multi-factor authentication (MFA) evasion techniques, and the dominance of brazen but highly effective social engineering schemes such as help desk phishing.

Emerging techniques for macOS, Microsoft, and Linux users to watch out for 

The techniques section within the report highlights the most prevalent and impactful techniques observed in confirmed threats across the Red Canary customer base in 2023. While many techniques like PowerShell and Windows Command Shell persist, there were some interesting variations, including: 

  • Adversaries compiled malicious installers with Microsoft’s new MSIX packaging tool–typically used to update existing desktop applications or install new ones–to trick victims into running malicious scripts under the guise of downloading legitimate software. 
  • Container escapes–where adversaries exploit vulnerabilities or misconfigurations in container kernels and runtime environments to “escape” the container and infect the host system. 
  • Reflective code loading is allowing adversaries to evade macOS security controls and run malicious code on otherwise hardened Apple endpoints. 

Attackers don’t target verticals; they target systems  

The data shows that adversaries reliably leverage the same small set of 10-20 ATT&CK techniques against organizations, regardless of the victim’s sector or industry. However, adversaries do favor certain tools and techniques that may target systems and workflows that are common in specific sectors: 

  • Healthcare: Visual Basic and Unix Shell were more prevalent likely due to the different machinery and systems used within that industry. 
  • Education: Email forwarding and hiding rules were more common, likely due to a heavy reliance on email.
  • Manufacturing: Replication through removable media, such as USBs, was more common—likely due to a reliance on air-gapped or pseudo air-gapped physical infrastructure and legacy systems. 
  • Financial services and insurance: Less “obvious” techniques, such as HTML smuggling and Distributed Component Object Model were more common, likely due to greater investments in controls and testing.

Recommended actions:

  • Validate your defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt. 
  • Patching vulnerabilities is key. It remains tried and true as one of the best ways to insulate yourself from risk.
  • Become a cloud expert–ensure your permissions and configurations are properly set up, and know how everyone in your organization is using cloud infrastructure, as the difference between suspicious and legitimate activity is nuanced in the cloud and requires a deep understanding of what is normal in your environment.

About the Threat Detection Report

The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, how security teams can use this visibility to develop detection coverage, and a great deal more actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

None of the nearly 60,000 threats Red Canary detected in 2023 was prevented by the customers’ other expansive security controls. They were caught because of the breadth and depth of visibility that Red Canary uses to detect threats that would otherwise go undetected.

Red Canary Announces Full Coverage of All Major Cloud Providers

Posted in Commentary with tags on March 5, 2024 by itnerd

Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Red Canary can detect suspicious activity across all major cloud environments and seamlessly correlate that data with other leading cloud security products, enabling enterprises to find and stop threats before they can cause damage. Red Canary’s vendor-agnostic approach underpins these new capabilities, providing security teams with actionable threat intelligence and comprehensive visibility from the control plane to containers and workloads.

Security teams rely on various tools, but integrating them internally for threat detection and response can be challenging, especially in large organizations with multicloud environments. Recent research shows that many businesses are currently using or planning to use at least two cloud infrastructure providers and about 31 percent are using four or more. As a result, IT and security teams are facing an increasing number of new cloud threats. In fact, in 2023, Red Canary detected cloud account compromises 16 times more frequently than in 2022, ranking it among the top five MITRE ATT&CK techniques analyzed across 58,000 confirmed threats identified in 216 petabytes of telemetry. 

With Red Canary, organizations can protect their cloud environments, identities, and endpoints, all using a single, intelligence-led security operations platform. This industry-leading approach significantly improves the productivity of overwhelmed security analysts by eliminating the need to look across multiple tools, sift through raw alerts from various sources, and manually analyze data. By trusting Red Canary to detect and respond to prevalent threats, internal security teams can have more time to focus on their business’s specific security needs and requirements.

What’s new:

Defend complex environments and streamline workflows with comprehensive detection and response coverage across all major cloud providers

  • Amazon: Amazon Web Services (AWS), including AWS CloudTrail and Amazon GuardDuty
  • Microsoft: Microsoft Azure, Microsoft 365, Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Cloud
  • Google: Google Cloud Platform (GCP) and Google Workspace

Get 24×7 access to cloud security expertise

  • Actionable threat intelligence: 400+ updated threat profiles provide deep insights into cloud threats and how adversaries operate in cloud environments
  • Run more effective tabletops: New scenarios allow customers to confidently understand, prepare for, and effectively respond to prevalent and emerging threats

Enhance threat protection across containers and production environments

  • Additional support for containers and Kubernetes: Improved metadata collection adds new insights for Linux-based environments, empowering security analysts to quickly locate threat origins

Enrich threat data with identified risks and misconfigurations

  • Deeper integrations with cloud security posture management (CSPM) tools: Correlated alert data from vendors like Lacework and Wiz provides additional context that speeds up threat detection and response, and optimizes prevention efforts

Operationalize cloud-native SIEM investments 

  • Co-managed Microsoft Sentinel engagement: Expanded services to deploy and optimize SIEM technology include a security goals consultation along with analytics, threat hunting queries, automation playbooks, and dashboards to maximize SIEM value

MDR for Cloud availability:

  • Support for Microsoft Azure is generally available
  • Support for Amazon Web Services is generally available
  • Support for Google Cloud Platform is currently in early access and expected to be generally available in Q2 of this fiscal year
  • Wiz support is expected to be generally available in Q2 of this fiscal year

Additional resources:

  • Learn more by reading the announcement blog
  • Register now and join the upcoming webinar on how to identify and address security challenges in multicloud environments on March 19
  • Register now for the webinar unveiling the 2024 Threat Detection Report on March 13