It’s time for enterprises, governments, service providers and other organizations to up their game when it comes to identifying cybersecurity threats – then acting in real time against attacks when and where they happen.
As National Cyber Crime Awareness Month continues in the US this October, most recently following on a major breach of Facebook accounts, Carbon Black has rolled out an “advanced threat hunting and incident response” platform with a brain, tapping their predictive security cloud.
This new service (Cb ThreatHunter) leverages unfiltered data on their cloud (PSC) using the company’s endpoint security platform “with a single agent and single console to consolidate prevention, detection, response, managed services and advanced threat hunting.”
Protecting endpoints with cloud-native security solutions has been Carbon Black’s theme throughout the year, and this fourth new service is being demonstrated at the company’s annual user conference in NYC this week.
“One year ago at Cb Connect in San Francisco, we outlined our vision to rapidly extend the Cb Predictive Security Cloud to make it easier for our customers to move off legacy AV and address multiple security use cases through a single cloud platform and single sensor,” said Patrick Morley, Carbon Black’s Chief Executive Officer. “With the addition of Cb ThreatHunter, this market-leading platform will have five offerings and delivers customers the ability to prevent, detect, respond to, predict and now, hunt threats in the cloud using a single agent, single console and single platform.”
Cb ThreatHunter is delivered through the PSC, Carbon Black’s powerful endpoint protection platform that consolidates prevention, detection, response, threat hunting and managed services into a single platform with a single agent and single console.
“In today’s attack landscape, threat hunters must position themselves on the high ground,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer. “The high ground is defined by greater situational awareness. Specifically, the hunter must analyze threat intel from customer IPs, domains and hashes applied to historical data. From that vantage one must search for similar threads that are not identical matches in historical data. Successful anomaly detection requires continuous analysis of unfiltered data from the endpoint.”
“Cb ThreatHunter has simplified incident response by allowing quick discovery of both simple and advanced threats, and quickly making decisions to take conclusive actions,” said Denis Xhepa, IT Systems Security Engineer of MidCap Financial Services. “Its simplicity and responsiveness are amazing, especially when you are running an investigation where every minute matters. When I find something, I can prevent it for the future, and look for other related or similar things. All this can be done very intuitively. Anomaly detection is also going to be enhanced by the backend intelligence applied to the data. Endpoint security used to be difficult.”
“The combination of rapidly searchable, unfiltered endpoint data for advanced threat hunting, combined with an array of prevention and response capabilities built-in to one endpoint sensor is a significant step forward. Cb ThreatHunter further enhances our ability to deliver rapid incident detection and response to our global customers,” said Marc Brawner, Principal at Kroll’s Cyber Risk practice.
Carbon Black has also been pioneering in crowd-sourcing information with more than 2,000 “members” active on their Cb Response community. The new service has been informed by collaboration from customers and developers within their customer base and includes:
Cb ThreatHunter will be generally available in November 2018.