Skip to main content
Microsoft Security

How Red Canary and Microsoft can help reduce your alert fatigue

This blog post is part of the Microsoft Intelligent Security Association guest blog seriesLearn more about MISA.

Security alert fatigue

Organizations often feel overwhelmed by the number of security alerts they receive. Frustrated by alert fatigue, these organizations want a deeper understanding of security threats and extended coverage to protect themselves. Enterprises typically maintain 70 security products from 35 different vendors1 and burnout from alert fatigue can lead to choices that put a company’s security at risk. Prospective customers have told us they mute security alerts or create rules to ignore or turn off alerts. Some security operations leaders have even said that if a security alert isn’t resolved within a week, it’s automatically deleted from the system.

Security alert fatigue happens when employees become desensitized to alerts and alarms from tools and technology because of their frequency. Since 2019, the number of security alerts has increased by 34 percent.2 In fact, 44 percent of alerts go uninvestigated1 because of the high volume and inadequate staff levels.

Red Canary is a security ally for customers

Security alerts lack the context customers need to determine which alerts are a serious threat and which are noise. They also wonder, “If we were attacked, how fast could we contain a security threat?” Security alerts don’t answer this question. That’s why Red Canary, a cybersecurity software as a service (SaaS) company that provides outcome-focused solutions for security operations teams, developed a security operations platform that powers their Managed Detection and Response (MDR) solutions. Red Canary MDR integrates with Microsoft Defender for Endpoint to help customers detect and respond to cybersecurity threats in their environment. Red Canary MDR + Microsoft Defender for Endpoint is a powerful combination for modern security operations teams to protect their organizations.

Founded in 2014, Red Canary is a security ally for customers and an extension of their security teams. Underpinning Red Canary’s MDR solution is its all-day security operations team. These detection engineers provide extended coverage for long-term customer peace of mind. Red Canary is continuously monitoring and reviewing every potential threat—even detections that appear outwardly benign are investigated.

Red Canary’s approach

When its MDR solution detects a security threat for one customer, a logic-based detection engine is strengthened and used to detect similar threats for other customers. Thousands of detectors—a number that is growing all the time—trigger investigations on anything suspicious that’s detected.

Red Canary’s solution supercharges the already powerful Microsoft Defender for Endpoint and also now supports Microsoft Defender for Identity, to help security operations teams protect on-premises identities, and Microsoft Azure Active Directory (Azure AD) Identity Protection, to protect identities and user accounts for Azure AD customers along with recently announced support for publishing confirmed detections into Microsoft Sentinel.

The Red Canary technology is only half the story. Customers also benefit from the deep threat detection expertise with detection engineers and incident handlers available around the clock, serving as an extension of a customer’s security team.

We increase the confirmed detections and tune down the noise of security alerts.”—Cordell BaanHofman, General Manager, Red Canary + Microsoft Security at Red Canary

Red Canary by the numbers: 20,000 endpoints, 51 billion telemetry records, 69,886 tipoffs, 3,943 significant events, 74 detections, and 17 high-severity attacks.

Bridging the expertise and budget gap

Besides alert fatigue, companies also struggle with two other big challenges that restrict their ability to respond to cyberthreats: a lack of cybersecurity expertise and a limited budget. Many organizations lack the in-house expertise to review, investigate, and respond to Microsoft Defender for Endpoint security threats. Often, budget prevents them from hiring people with the expertise to operationalize Microsoft Defender for Endpoint or provide all-day coverage.

Red Canary supports these companies by giving them access to a team of cybersecurity experts and all-day coverage. It offers them an “easy button,” including customizable, automated incident response playbooks which enhance the pre-built automated incident response model of Microsoft Defender for Endpoint. Red Canary’s approach to threat detection continues to effectively protect its customer base from ransomware—like the Conti and REvil families that have been implicated in so many prominent attacks this year—and other high-impact threats.

The company analyzes alerts and raw telemetry through APIs connected to Microsoft Defender for Endpoint. Customers are only notified of confirmed threats—in the middle of the night if it’s a critical threat—and are provided with full threat context to quickly respond to stop it in its tracks. This response is achieved through a combination of automation and incident response experts to neutralize and remove the threat.

Flow chart from Microsoft Defender for Endpoint to Red Canary security operations center to customer security team and back.

After bringing in Red Canary, an IT security leader said they felt positively about their security posture for the first time in their 10-year information security career. A security analyst at a different company said the solution results in every detection being actionable and reliable. The security analyst explained: “Red Canary has taken what used to be a daily workload of hours and brought it down to minutes.”

MISA membership

Red Canary is aligned with Microsoft’s security strategy, particularly extended detection and response (XDR) and the Zero Trust approach. Since becoming an inaugural MDR partner in 2019, Red Canary earned IP co-sell incentive status and shared the virtual stage at Microsoft Ignite with Microsoft Corporate Vice President Rob Lefferts during his advanced attack security keynote.

Red Canary was one of the early members of the Microsoft Intelligent Security Association (MISA), joining in January 2019, and has participated in Microsoft webinars, blog posts, and marketing workshops—all made possible by MISA.

Learn more

One of the reasons that Red Canary and Microsoft’s relationship is so strong is the two companies share a similar ethos and objective. Red Canary’s mission is to empower organizations worldwide to make their greatest impact without fear of a cyberattack. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. Reach out for a demonstration of Red Canary MDR + Microsoft Defender for Endpoint.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


16 strategies to reduce cybersecurity alert fatigue in your SOC, Innocent Wafula, Microsoft. 17 February 2021.

2SOC Teams Burdened by Alert Fatigue Explore XDR, Joan Goodchild, Dark Reading. 14 May 2021.