Red Canary Red Canary MDR
MDR with 99.6% accuracy, 10x faster investigations, being acquired by Zscaler
Last updated: November 9, 2025
Overview
Red Canary MDR is a technology-agnostic managed detection and response service built on the Red Canary Security Operations Platform.
Key Facts:
- Founded in 2013, ~$100M ARR, 4,300+ MSP partners
- Protecting 3.5 million+ endpoints globally
- 99.6% detection accuracy, 10x faster threat investigations
- 24/7 SOC operations with expert security analysts
- IMPORTANT: Zscaler acquisition announced May 2025, expected to close August 2025
- Service Changes: Zscaler will discontinue service for lower half of customer base (primarily SMBs)
Service Focus
Response Operations
Integrations
Commercial Terms
Compliance
Known Limitations
Alert and Response Issues
- Some users report alert delays:
"There is some lag between the alert in MDE and when RC responds"
- Alerts can feel "too frequent" making it harder to focus on urgent issues
- Alert delays could potentially hinder rapid response times
Integration Limitations
- Users want more integrations, especially for teams with diverse security tool stacks
- Limited network visibility without Managed SIEM add-on
- OT/ICS environments not supported
Business Continuity Concerns
- Critical: Zscaler acquisition will discontinue service for SMB customers
- Service disruption risk for affected customers during transition
- Uncertainty about future product roadmap under Zscaler ownership
- SMB customers should plan migration to alternative MDR providers
Platform Constraints
- Multi-tenancy not typically supported
- Requires integration with existing EDR solutions
- Onboarding takes 2-4 weeks (not instant)
Customer Examples
Recent User Experiences (2025)
Performance Validation:
"Red Canary has enabled customers to investigate threats up to 10 times faster with 99.6% accuracy, while streamlining workflows through automated remediation."
- Official Red Canary metrics, 2025
Alert Timing Concerns:
"There is some lag between the alert in MDE and when RC responds. Alerts can feel delayed or too frequent, which sometimes makes it harder to focus on what's truly urgent."
- User review, 2025
Integration Requests:
"Feedback mentioned wanting more integrations, especially for teams that rely on a variety of security platforms and workflows."
- Aggregate user feedback, 2025
Microsoft Integration Leadership:
"Red Canary is the first MDR/MSSP to have a plugin published with Microsoft Security Copilot, and the first to ship with promptbooks that integrate plugin capabilities to automate investigation tasks."
- Microsoft Security Copilot announcement, 2025
Acquisition Impact:
"Zscaler has confirmed it will discontinue the lower half of Red Canary's customer-base (mainly SMBs). Organizations in this segment should begin evaluating alternative MDR providers."
- Industry analyst report, May 2025
Related Resources
⚖️Compare Providers
🔍Find Similar Solutions
Information Source: Provider information compiled and verified by the MDRProviders.io research team from public sources including official websites, documentation, press releases, and industry reports. Last updated: November 9, 2025
Important Disclaimer: The information presented here is compiled from publicly available sources and may not reflect current offerings, pricing, or capabilities. Service details, features, and availability are subject to change without notice.
Verification Required: Always verify service details, pricing, and capabilities directly with the provider before making any business decisions. This directory is for informational purposes only.
No Responsibility: We do not assume responsibility for the accuracy, completeness, or currency of the information provided. Users should conduct their own due diligence when evaluating MDR services.