Zscaler Pursues SOC Leadership With Enhanced Endpoint and Cloud Visibility

Red Canary’s proficiency in AI-driven workflows and established automation practices positioned it as a formidable player in the managed detection and response market, according to Zscaler’s Chief Product Officer Adam Geller.
The proposal for Zscaler to acquire Denver-based Red Canary aims to merge Zscaler’s extensive network and identity signals with Red Canary’s specialization in endpoint and cloud detection. This strategic move is designed to integrate Zscaler’s security insights into Red Canary’s platform, enhancing its threat hunting capabilities and expanding its role within security operations (see: Zscaler Buys Red Canary to Elevate AI-Driven Threat Response).
Geller noted, “We considered various players in and outside the MDR space, but Red Canary distinguished itself with its technological foundation, capabilities, and proven business model.”
Integration of Zscaler’s Data with Red Canary’s Workflows
Red Canary has honed its detection and response workflows over the years through extensive use of AI and automation, yielding consistent results across a diverse client base. Geller commended Red Canary’s advanced detection engineering, which was developed with a long-term vision rather than as a recent fix.
“Their customer base and real-world experience in building detection protocols are impressive,” Geller stated. “This strong detection engineering focuses on crucial areas such as endpoint, identity, and cloud signals. While we do not serve as an identity provider, we gather considerable identity information; similarly, we may not offer endpoint detection and response yet we have extensive endpoint data.”
Zscaler excels in contextualizing user identity, endpoint status, and real-time network behavior. This capability enhances investigations during security incidents, allowing professionals to better assess the breach’s scope and nature. Zscaler’s inline processing and scalability provide significant advantages.
Geller explained, “These data indicators—while not directly the incidents themselves—offer crucial context surrounding an event that Red Canary may identify, leading to sharper investigations and potentially quicker remediation.” Another crucial integration possibility lies in combining Zscaler’s specialized threat hunting service with Red Canary’s comprehensive, product-agnostic MDR approach.
Geller anticipates the evolution of their services into a unified, tiered offering that blends automated managed detection with more extensive threat hunting, enhancing current customers’ capabilities.
Enhancing Transparency and Control in Red Canary’s MDR Service
Zscaler’s current service model is primarily self-managed, enabling customers to configure services independently or through partners. Integrating Red Canary expands options to include fully managed and co-managed services, allowing clients to select their level of involvement based on available resources.
“Each model has its advantages,” Geller noted. “This flexibility allows us to cater to clients at various stages of cybersecurity maturity.” Many customers seek transparency and control over their security measures, even within a managed environment. Geller emphasized that Red Canary’s MDR model can adapt by allowing users to customize detection protocols, contribute their intelligence, and engage actively in incident investigations. An “open book” approach may attract sophisticated security teams that might have previously hesitated.
Success indicators for the Red Canary acquisition will include deeper integration of Zscaler telemetry into threat investigations and a broader acknowledgment of Zscaler’s relevance within modern security operations. Geller stressed that Zscaler should be recognized not merely as a networking vendor, but as an integral component of clients’ security infrastructure.
“The perception of Zscaler in producing critical signals and alerts for security operations will be a significant measure of the acquisition’s success,” Geller concluded. “We want customers to see that our capabilities can enhance their security posture and potency in detection, investigation, and response.”