Managed Detection & Response (MDR)
,
Security Operations
Red Canary Purchase Aims to Deliver Agentic AI-Powered Security Operations at Scale
Zscaler plans to purchase a managed detection and response stalwart to combine zero trust architecture with threat detection, response and automation.
See Also: OnDemand | What’s Driving the Convergence Between EDR and MDR
The San Jose, California-based cloud security vendor said its proposed acquisition of Denver-based Red Canary will bring the latter’s AI-driven remediation workflows and behavioral analytics together with Zscaler’s global threat intelligence and AI-powered security data fabric. The acquisition is expected to close in August, and terms of the transaction weren’t disclosed.
“The proposed acquisition of Red Canary is a natural expansion of our capabilities into managed detection and response and threat intelligence to accelerate our vision of AI-powered SOC of the future,” said Zscaler CEO Jay Chaudhry. “By integrating Red Canary with Zscaler, we will deliver to our customers the power of a fully integrated Zero Trust platform and AI-powered security operations.”
Red Canary, founded in 2014, employs 513 people and has raised $130 million of outside funding, having most recently completed an $81 million Series C round in February 2021 led by Summit Partners. The company has been led since its inception by Brian Beyer, who spent over a year as Kyrus Technology’s product lead and spun the firm’s managed security and incident response business out as Red Canary (see: Public AI Tools Need Governance to Avoid Data Leakage Risk).
What Sets Red Canary’s Approach to Managed Security Apart
Zscaler’s Zero Trust Exchange already synthesizes human expertise and AI-driven automation around secure connectivity and network transformation, and Chaudhry said the buy of Red Canary extends that foundation into security operations. Joining Zscaler’s massive security cloud with Red Canary’s detection capabilities will allow triage, investigation and remediation to be handled with precision and speed.
“With our innovative AI-powered risk management services including Risk360 and the acquired data fabric technology from Avalor, we are disrupting legacy security operations just like we did with our Zero Trust Exchange platform,” Chaudhry said in a statement. “These complementary capabilities will redefine how businesses detect, respond to, and mitigate modern cyber threats.”
Red Canary’s strength lies in collecting audit data across platforms such as AWS, Azure, and Okta, offering a broader picture of adversary behavior than traditional alert-based models, Beyer said. He also said Red Canary’s business model doesn’t rely on unsustainable capital burn, setting it apart in the MDR space. He said Red Canary’s cross-platform neutrality and open-source contributions will remain intact.
“Sorting through that data and understanding how adversaries operate was a monumental challenge,” Beyer wrote in a blog post. “We realized that security leaders needed more than just tools – they needed a partner who could help them navigate this complexity 24×7 and make their security operations more complete. We built Red Canary to be that partner.”
Both Zscaler and Red Canary agree that threat detection needs to evolve from reactive, alert-centric methods to proactive, contextualized, and AI-enhanced methodologies. Zscaler adds the computational scale to run AI engines across hundreds of billions of signals. This will allow the firm to elevate detection fidelity, reduce false positives, and compress the dwell time of adversaries in customer environments.
“For over 10 years, we’ve protected our customers by combining high-fidelity signals with agentic AI, behavioral analytics, and global threat intelligence,” Beyer said in a statement. “Zscaler’s global scale and reach provide the resources and granular data needed to fuel advanced AI, threat intelligence, and detection engineering, giving us a broader view of adversary behavior while enabling faster innovation.”
What Becoming Part of Zscaler Means for Red Canary Customers
Red Canary said all existing partner relationships – including MSPs, IR firms, solution integrators, and technology partners – will remain vital. The company plans to use Zscaler’s backing to keep investing in third-party integrations and expand its partner network. Plus Atomic Red Team, a widely-used threat simulation tool maintained by Red Canary, will continue to be supported and enhanced, the firm said.
“There are many MDRs who’ve taken this approach of ‘I want to integrate with as many products as possible and not necessarily provide a lot of value for those integrations and not go very deep with each of them,'” Beyer said in March. “Red Canary has taken an intelligence-led approach. We are going to understand what adversaries do. How do they compromise organizations? How can we catch them?”
Unlike some MDR firms that burn capital in pursuit of growth, Beyer said Red Canary has cultivated a viable, profitable model, serving top-tier enterprises without overreliance on external funding. Now, with Zscaler’s operational scale, they anticipate unlocking faster innovation cycles, broader visibility into adversary tactics, and the ability to deliver cost-effective security outcomes without compromise.
“We’re about to gain access to 500 billion daily transactions of data and threat intelligence processed on Zscaler’s Zero Trust Exchange and exposure management data,” Beyer said. “This will significantly enhance our ability to detect threats faster and more accurately. The innovation this will bring is going to be incredible. For existing Zscaler and Red Canary customers, you’ll see a more seamless experience.”
Zscaler has made several significant deals in recent years, having most recently purchased agentless segmentation startup Airgap Networks for $124.4 million in April 2024. The company also bought data security startup Avalor for $256.7 million in March 2024, SaaS supply chain security startup Canonic Security for $16.5 million in 2023, and workflow automation firm ShiftRight for $25.6 million in 2022.
