Integrated endpoint threat prevention, detection and response

Bit9 Security Platform v. 7.2, Carbon Black v. 4.2 and the new Threat Intelligence Cloud combine to make advanced threats easier to see and faster to stop.


Bit9® + Carbon Black has announced the Bit9 + Carbon Black Solution, said to be the industry’s most advanced and complete endpoint threat prevention, detection and response solution available to enterprises, government and mid-size businesses. The integrated Bit9 + Carbon Black Solution, which consists of new versions of the company’s products—the Bit9 Security Platform version 7.2 and Carbon Black version 4.2 as well as the new Threat Intelligence Cloud service—fills the visibility, prevention, detection and response gaps in antivirus products, traditional post-breach incident response services, and network security technologies to deliver a new level of endpoint protection that makes advanced threats easier to see and faster to stop—before a breach occurs.


The Bit9 + Carbon Black Solution is the first and only endpoint protection platform that addresses the new endpoint and server security challenges facing businesses today:
· Security teams have no visibility into what’s happening on their company’s endpoints.
· Today’s advanced attacks bypass signature-based endpoint prevention tools, such as antivirus.
· Traditional incident response services and tools are used in an expensive post-breach model.
· Network security solutions do nothing to protect endpoints and servers from attacks.
· Network security solutions don’t integrate with endpoint and server security.


The integrated Bit9 + Carbon Black Solution directly addresses these new realities by delivering:
· Real-time threat visibility and continuous recording of all endpoint and server activity
· Proactive endpoint prevention that provides multiple forms of prevention to stop advanced attacks from infiltrating an organisation
· Fast, accurate detection of advanced threats, without relying on signatures
· Response to and remediation of threats in seconds
· Open integration with leading network security solutions


The new product versions and integrated solution feature improvements in four key areas:
· The new Bit9 + Carbon Black Threat Intelligence Cloud service (see news release)—which features community and proprietary threat data from leading third-party threat intelligence providers, as well as the Bit9 + Carbon Black Software Reputation Service (SRS) and Advanced Threat Indicators (ATI)—delivers shared intelligence for fast, accurate identification of threats and malware. This enables security teams to create detection events and filter results based on reputation as well as community and shared intelligence for the best possible prevention of advanced threats.
The Threat Intelligence Cloud service—including recently added community and proprietary attack classification capabilities—now works seamlessly with both the Bit9 Security Platform and Carbon Black.
· The integration of the Bit9 Security Platform version 7.2 (see news release) and Carbon Black version 4.2 (see news release), which were announced today, features two key integrations:
o Automation of prevention policies. When Carbon Black detects a new piece of malware it automatically feeds the threat information into the Bit9 enforcement engine, allowing the Bit9 Security Platform to immediately terminate the malicious process and prevent its execution on every endpoint and server in the enterprise. This allows customers to proactively take charge of protecting their endpoints and servers instead of waiting days or weeks for traditional security vendors to generate and distribute signatures.
o Enhanced visibility and response. From inside the Bit9 Security Platform a security analyst can select any suspicious file and, with a single click, enter the Carbon Black console to investigate the full “kill chain” by seeing which sequences of processes created the file, what network connections it made, what processes or files it created, and more.
· Enhanced open-platform application programming interfaces (API) and specific product integrations with leading security solutions.
The latest Bit9 + Carbon Black integrations include:
o Next-generation firewall and threat emulation offerings from Check Point® Software Technologies Ltd. that help customers prioritise alerts faster, rapidly determine the scope of an attack, and speed remediation.
o Integration with Splunk, including a new Splunk app for the Bit9 platform, which allows customers to leverage Splunk’s analytics and visualisation capabilities to analyze Bit9 + Carbon Black endpoint data.
Enhancements to the products’ APIs enable customers to use Bit9 + Carbon Black to continuously gather actionable intelligence about their endpoints and seamlessly integrate that with whatever best-of-breed tools they choose for network security and analytics.
· Enterprise-class cross-platform coverage—both the Bit9 Security Platform and Carbon Black now support Windows, Mac and Linux (Red Hat and CentOS)—provides customers with a single enterprise-wide solution for endpoint threat prevention, detection and response across all their key desktops, servers, and fixed-function devices. This added platform coverage reflects the rapid growth of mission-critical workloads on Linux-based machines as well as the expansion of OS X in the enterprise.


“One of the key reasons for the merger of Bit9 and Carbon Black was the highly complementary nature of the companies’ products,” said Brian Hazzard, vice president of product management for Bit9 + Carbon Black. “In just a few months, we have delivered a new version of each product and integrated them to provide customers with the only security solution that delivers the visibility, prevention, detection and response they need to protect their endpoints and servers from advanced threats and targeted attacks.


“Security teams are rapidly learning three critical realisations: First, endpoint security is more important than network security because your company’s assets are on its endpoints and you need protection as close to your assets as possible. Second, you need to prepare for a breach, not react to it; you need to continuously record all activity on your endpoints so when you’re under attack you can respond immediately. And third, antivirus is fine for everyday “nuisanceware,” but it doesn’t protect you against advanced, targeted attacks. Organisations need proactive, customizable forms of prevention. Bit9 + Carbon Black addresses every one of these critical areas,” Hazzard said.


“The market has been looking for an endpoint and server security solution that delivers prevention, detection and response to meet the evolving threat landscape,” said Fran Howarth, senior security analyst for Bloor Research. “This product integration, combined with the Threat Intelligence Cloud service, open platform interfaces, and cross-platform support, leverages the strengths of Bit9 + Carbon Black to help organisations protect their endpoints and the critical information on them.”
The Bit9 Security Platform version 7.2, Carbon Black version 4.2 and the Threat Intelligence Cloud service are available now.
 
