WALTHAM, Mass.—July 29, 2014—Bit9® + Carbon Black®, the leader in endpoint threat prevention, detection and response, today announced version 4.2 of Carbon Black, the industry’s leading endpoint threat detection and response solution for advanced and targeted threats.
Incident response (IR) is time-consuming, complex and expensive. For many organizations, the average data breach can take 243 days to discover,1 with 69 percent2 of those breaches identified by a third party. With the average cost in external forensics and IR consultants at $341 thousand per incident3, this is unsustainable.
With version 4.2, Carbon Black is continuing to deliver on its promise to provide the most immediate, conclusive and contextual endpoint visibility on the market; accelerate endpoint threat detection; reduce the cost and complexity of incident response; and easily and effectively drive remediation in the midst of a response through four key enhancements:
- Integrated Bit9 + Carbon Black experience: Carbon Black (version 4.2) now integrates with the Bit9 Security Platform (version 7.2). Carbon Black’s detection capabilities can be leveraged to instantly drive Bit9 to enforce multiple forms prevention locally, or across an enterprise, to block, ban and remediate threats. In addition, from within Bit9 7.2, users can contextually link to Carbon Black to leverage Carbon Black’s visibility to make better decisions about policy enforcement. The combination of Bit9 + Carbon Black is an unparalleled solution for detecting, responding to and preventing advanced threats on endpoints across an entire enterprise.
- Bit9 + Carbon Black Threat Intelligence Cloud: Carbon Black now leverages the new Threat Intelligence Cloud, which pulls in threat intelligence from the Bit9 + Carbon Black Software Reputation Service (a cloud-based intelligence database that provides highly accurate and up-to-date insight into known-good, known-bad and unproven software); Bit9 + Carbon Black Watchlists (which look for indicators of malicious activity); and third-party threat data feeds from leading threat intelligence partners to confidently hunt for threats and instantly classify attacks across an enterprise. The Threat Intelligence Cloud also now integrates with ThreatConnect, a threat intelligence platform that bridges incident response, defense, and threat analysis, and is the only platform that allows organizations to collaborate internally and with their partners and industry leaders to aggregate, analyze, and act upon relevant threat data; as well as iSIGHT, a comprehensive cyber intelligence feed connecting security technology and operations to the business.
- New agent support for Mac and Linux: Carbon Black is expanding the operating systems on which its real-time sensor runs to support Mac OS X and Linux (Red Hat Enterprise Linux and CentOS)*—in addition to Windows—to provide customers with a single solution that can detect attacks without signatures and respond to threats in seconds across all endpoints and servers. Leveraging a single endpoint detection and response tool across all major platforms reduces enterprise security costs while increasing an organization’s ability to hunt for and respond to attacks.
- API enhancements: Carbon Black’s new enterprise service bus enables applications to consume a wide variety of events from Carbon Black, as they happen. This enables faster integration of Carbon Black with internal security tools—such as SIEMs, custom analytics and existing security tools.
“Instead of responding to a breach, organizations must proactively prepare for it,” said Brian Hazzard, vice president of product management for Bit9 + Carbon Black. “Until now, enterprises have lacked the ability to collect the critical information necessary to proactively respond to a data breach as it was happening—and before their intellectual property was lost. As a result, response has been too late, too time-consuming and too expensive. Carbon Black delivers rich, actionable intelligence—from our continuously recording endpoint sensor—about the relationships and reputation of the critical data necessary to respond with confidence to any incident. Turning what could be years or months of work with other solutions, into just minutes or seconds with Carbon Black.”
Javvad Malik, senior analyst of 451 Research, said: “Having data is fine, but how you convert it into intelligence and make it usable is essential. Being able to reduce the complexity of incident response by providing contextual data is critical to improving detection and expediting investigations across an enterprise.”
How organizations benefit from using Carbon Black:
- Breach preparation (visibility): Prepare for a breach—don’t react to one. Enterprises are deploying Carbon Black’s continuously recording and contextual endpoint sensor across their entire environment to deliver industry-leading visibility to their security teams to respond to attacks before a data breach.
- Advanced threat detection: With both the Bit9 + Carbon Black Threat Intelligence Cloud and Carbon Black’s continuously recording endpoint sensor, enterprises can instantly classify attacks through a variety of proprietary and third-party sources to identify known-good, known-bad, unproven software and zero-day attacks. Through watchlists, Carbon Black also can detect attack behaviors and malicious processes—not just individual events. This combination enables enterprises to prioritize alerts, accelerate discovery and respond in seconds.
- Incident response: Carbon Black was designed to reduce the cost and complexity of incident response. It does so by deploying a continuously recording endpoint sensor that maintains the relationships of the critical data sets necessary to “roll back the tape” (like a DVR) to understand where an attack is and where it was. This delivers conclusive and confident root-cause analysis enabling enterprises to effectively remediate their environment in seconds.
- Threat hunting: Enterprises can leverage both Carbon Black’s leading continuous endpoint visibility and the Bit9 + Carbon Black Threat Intelligence Cloud to proactively hunt for threats across their entire environment in real time.
- Deployment by managed security service providers (MSSP): Leading MSSPs—such as Dell SecureWorks’ Advanced Endpoint Threat Detection (AETD) managed service—use Carbon Black for its leading continuous endpoint visibility, comprehensive threat intelligence, signature-less threat detection, and conclusive response capabilities to alert and eradicate threats for customers in seconds.
- Deployment by incident response (IR) providers: Bit9 + Carbon Black’s IR partners are able to use Carbon Black at no cost to help enterprise customers remediate cyber attacks and breaches. As IR teams identify malicious files used to execute an attack, Carbon Black pinpoints each endpoint and server on which malware has landed and reveals the entire “kill chain” of the attack enabling responders to quickly and easily see where and how it started. This enhanced visibility enables IR providers to more rapidly contain attacks and accelerate remediation efforts. After the situation is remediated, the customer can purchase Carbon Black for all of its endpoints and servers to ensure continuous detection and response capabilities moving forward.
Carbon Black 4.2 is available now.
About Bit9 + Carbon Black
Bit9 + Carbon Black offers the most complete solution against the advanced threats that target your organization’s endpoints and servers. This makes it easier for you to see—and immediately stop—those threats.
Carbon Black’s lightweight endpoint sensor, which can be rapidly deployed with no configuration to enable detection and response in seconds, combined with Bit9’s industry-leading prevention technology, delivers four key benefits:
- Continuous, real-time visibility into what’s happening on every computer
- Real-time threat detection, without relying on signatures
- Instant response by seeing the full “kill chain” of any attack
- Prevention that is proactive and customizable
Thousands of organizations worldwide—from 25 Fortune 100 companies to small businesses—use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their detection and response services. With Bit9 + Carbon Black, you can arm your endpoints against advanced threats. For more information, visit our website.
* The Mac OS X and Linux sensors are currently available upon request.
Bit9 is a registered trademark of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.
1. Mandiant M-Trends® 2013: Attack the Security Gap
2. 2013 Verizon Data Breach Investigations Report
3. NetDiligence Cyber Liability & Data Breach Insurance Claims