New service adds Attack Classification capabilities to Bit9 + Carbon Black Software Reputation Service and Advanced Threat Indicators
Service integrates with real-time endpoint visibility to rapidly detect advanced threats
WALTHAM, Mass.—July 29, 2014—Bit9® + Carbon Black®, the leader in endpoint threat prevention, detection and response, today announced a new, unified Threat Intelligence Cloud service that combines Attack Classification data from leading third-party providers with the Bit9 + Carbon Black Software Reputation Service (SRS) and Advanced Threat Indicators (ATI) to help enterprises avoid the potentially devastating effects of advanced threats and targeted attacks.
The Threat Intelligence Cloud is an integral component of the Bit9 + Carbon Black endpoint security solution, which features “always-on” and continuously-recording sensors that maintain the relationships of every file execution, file modification, registry modification, network connection and executed binary. The Bit9 Security Platform and Carbon Black automatically correlate their data with threat intelligence from the Threat Intelligence Cloud to detect advanced attacks without relying on signatures, prioritize response in seconds, and prevent advanced attacks using proactive and customizable techniques.
The three key elements of the Threat Intelligence Cloud service are:
- Attack Classification—Uses intelligence feeds from third-party sources to help enterprises identify the type of malware and the threat actor group behind an attack. This enables security teams to have a better understanding of attacks so they can respond more quickly and effectively. Customers also can leverage their own intelligence feeds to enhance their capabilities. Threat Intelligence Cloud feed providers include:
o abuse.ch: Tracks command-and-control servers for Zeus, SpyEye and Palevo malware while combining domain name blocklists.
o iSIGHT Partners: Comprehensive cyber intelligence feed connecting security technology and operations to the business.
o Malware Domain List: Tracks domains used by malware
o National Vulnerability Database: Flags executed applications vulnerable to one or more Common Vulnerabilities and Exposures (CVE).
o ThreatConnect: A threat intelligence platform that bridges incident response, defense, and threat analysis, and is the only platform that allows organizations to collaborate internally and with their partners and industry leaders to aggregate, analyze, and act upon relevant threat data.
o Tor: A list of active Tor Node IP addresses.
- The Bit9 + Carbon Black Software Reputation Service (SRS)—A cloud-based intelligence database that provides highly accurate and up-to-date insight into known-good, known-bad and unproven software, giving IT and security teams actionable intelligence about the software installed within their enterprise. The capabilities of the SRS are further enhanced by feeds from leading providers, including OPSWAT, Team Cymru and others.
- Advanced Threat Indicators (ATI)—Developed by the Bit9 + Carbon Black threat research team and delivered from the Threat Intelligence Cloud, ATIs run on the Bit9 and Carbon Black products on customers’ premises to monitor and examine many key system facets. ATIs perform real-time monitoring of files, registry, process, memory execution and more to identify potential compromise or infection. ATIs also can examine the recorded history of endpoint activity that Bit9 and Carbon Black maintain to “reach back in time” and retrospectively identify advanced threats and malware. Customers also are able to create custom ATIs to meet the specific needs of their environments.
“Bit9 + Carbon Black customers are able to take full advantage of the most comprehensive threat intelligence available on the market,” said Brian Hazzard, vice president of product management for Bit9 + Carbon Black. “With enterprises already in a continuous state of compromise, they need immediate context about the files, network connections, and behaviors they’re investigating to proactively prevent, detect and respond to advanced attacks infiltrating their organization. That is exactly the type of actionable intelligence our Threat Intelligence Cloud delivers.”
About Bit9 + Carbon Black
Bit9 + Carbon Black offers the most complete solution against the advanced threats that target your organization’s endpoints and servers. This makes it easier for you to see—and immediately stop—those threats.
Carbon Black’s lightweight endpoint sensor, which can be rapidly deployed with no configuration to enable detection and response in seconds, combined with Bit9’s industry-leading prevention technology, delivers four key benefits:
- Continuous, real-time visibility into what’s happening on every computer
- Real-time threat detection, without relying on signatures
- Instant response by seeing the full “kill chain” of any attack
- Prevention that is proactive and customizable
Thousands of organizations worldwide—from 25 Fortune 100 companies to small businesses—use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their detection and response services. With Bit9 + Carbon Black, you can arm your endpoints against advanced threats. For more information, visit our website.
Bit9 is a registered trademark of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.