As Cybercriminals Continue to Invest Ten Times More Than Organizations, Advanced Threat Hunting Becomes the Ultra AI Sport

It’s time for enterprises, governments, service providers and other organizations to up their game when it comes to identifying cybersecurity threats – then acting in real time against attacks when and where they happen.

As National Cyber Crime Awareness Month continues in the US this October, most recently following on a major breach of Facebook (News - Alert) accounts, Carbon Black has rolled out an “advanced threat hunting and incident response” platform with a brain, tapping their predictive security cloud.

This new service (Cb ThreatHunter) leverages unfiltered data on their cloud (PSC) using the company’s endpoint security platform “with a single agent and single console to consolidate prevention, detection, response, managed services and advanced threat hunting.”

Cloud-native security solutions protecting endpoints has been Carbon Black’s theme throughout the year, and this fourth new service is being demonstrated at the company’s annual user conference in NYC this week.

“One year ago at Cb Connect in San Francisco, we outlined our vision to rapidly extend the Cb Predictive Security Cloud to make it easier for our customers to move off legacy AV and address multiple security use cases through a single cloud platform and single sensor,” said Patrick Morley, Carbon Black’s Chief Executive Officer. “With the addition of Cb ThreatHunter, this market-leading platform will have five offerings and delivers customers the ability to prevent, detect, respond to, predict and now, hunt threats in the cloud using a single agent, single console and single platform.”

Cb ThreatHunter is delivered through the PSC, Carbon Black’s powerful endpoint protection platform that consolidates prevention, detection, response, threat hunting and managed services into a single platform with a single agent and single console.

“In today’s attack landscape, threat hunters must position themselves on the high ground,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer. “The high ground is defined by greater situational awareness. Specifically, the hunter must analyze threat intel from customer IPs, domains and hashes applied to historical data. From that vantage one must search for similar threads that are not identical matches in historical data. Successful anomaly detection requires continuous analysis of unfiltered data from the endpoint.”  

“Cb ThreatHunter has simplified incident response by allowing quick discovery of both simple and advanced threats, and quickly making decisions to take conclusive actions,” said Denis Xhepa, IT Systems Security Engineer of MidCap Financial Services. “Its simplicity and responsiveness are amazing, especially when you are running an investigation where every minute matters. When I find something, I can prevent it for the future, and look for other related or similar things. All this can be done very intuitively. Anomaly detection is also going to be enhanced by the backend intelligence applied to the data. Endpoint security used to be difficult.”

“The combination of rapidly searchable, unfiltered endpoint data for advanced threat hunting, combined with an array of prevention and response capabilities built-in to one endpoint sensor is a significant step forward. Cb ThreatHunter further enhances our ability to deliver rapid incident detection and response to our global customers,” said Marc Brawner, Principal at Kroll’s Cyber Risk practice.

Carbon Black has also been pioneering in crowd-sourcing information with more than 2,000 “members” active on their Cb Response community. The new service has been informed by collaboration from customers and developers within their customer base and includes:

• More Powerful Search Fields: Cb ThreatHunter equips security teams with the ability to flexibly hunt threats, even if an endpoint is offline. With this level of visibility, researchers can see what happened at every stage of an attack with intuitive attack-chain visualizations, and uncover advanced threats, while minimizing attacker dwell time. This insight provides immediate answers with comprehensive behavioral context to stop attacks as quickly as possible.
• Enhanced Threat Intel (News - Alert) Matching: Cb ThreatHunter’s sophisticated detection combines custom and cloud-delivered threat intel, automated watchlists and integrations with the rest of the security stack to efficiently scale hunting across the enterprise. This advanced level of detection allows security teams to proactively explore environments for abnormal activity, leverage cloud-delivered threat intelligence and automate repeat hunts. Additionally, the PSC’s platform extensibility allows developers to create custom watchlists to power real-time detection and correlate data across the security stack.
• Elastic Cloud Scalability: Cb ThreatHunter is natively built on the PSC, allowing security teams to rapidly deploy and scale the solution across their enterprise without investing in (or maintaining) on-premise infrastructure. By eliminating these costs and processes, Cb ThreatHunter enables teams to simplify their operations and focus their energy on hunting and responding to threats.

Cb ThreatHunter will be generally available in November 2018.