We are starting a new blog series centered on partners enabling streamlined solutions through the Carbon Black Collective Defense strategy.
Carbon Black CTO and Co-founder Michael Viscuso provided the most honest summary of our strategy: “Historically, vendors have only worked together when it’s advantageous to a company’s bottom line. That self-serving approach no longer works. Customers should not be locked into a single security platform that doesn’t allow for integration with best-of-breed security at every layer of the stack. We welcome anyone in the security industry to access our APIs.”
Security teams need more than the next, new technology; they need a new mindset. They can no longer adopt the “detect-it-and-stop-it” posture that organizations have used for more than 25 years. Modern attackers are way too smart and determined for that simplistic of a defense. You need to understand how adversaries and attackers work and deploy solutions to disrupt them. This shifts the balance of power back to the defenders.
You need real-time, continuous and historical visibility into what is happening on your endpoints. I’ll say that again. You NEED real-time, continuous and historical visibility into what is happening on your endpoints. By storing and collating that information, you have immediate access to a centralized system of record that enables continuous detection and rapid response to ongoing threats. You can no longer try to forensically put the pieces together after a breach and hope that the attacker doesn’t resurface. Cb Response provides the data to help you properly identify how the attacker entered and moved within your environment, and gives you the tools to stop an attack in progress, remediate any damage, and apply that knowledge to prevent similar style attacks from occurring again.
Security solutions can no longer afford to operate in silos. This requires collaborative effort of the entire security community. The adversary does not target just one component of your security stack, so managing your solutions in isolation is like fighting with one hand tied behind your back. Carbon Black solutions enable partnerships with your security technologies and provide the open APIs necessary to automate the integration between your solutions.
It’s with this focus on visibility and collaboration that Corvil releases a new forensic capability with Carbon Black’s Cb Response.
Today’s security teams struggle with an overload of alerts, relatively shallow data, and multiple security tools that fail to integrate. Combining the packet centric visibility of Corvil with the process/file centric visibility of Cb Response, security teams now have a highly granular LIVE forensic ability with smarter prioritization to find what matters most and automate certain response/remediation actions to shut the attacker down.
As the old saying goes, “Seeing is believing”, and this video shows the key integration points perfectly:
Malicious traffic can be correlated with cross-device user activity and originating processes both in real-time and retrospectively. This allows for rapid prioritization of alerts and, more importantly, brings the attackers methods front and center allowing security teams to rapidly identify and investigate the most urgent threats. The solution provides a high fidelity source of information through Corvil’s full-fidelity, retrospective packet capture and Cb Response’s full visibility of the process responsible for the packet’s creation.
One final piece making headlines is automated response methods. Corvil leverages the Cb Response “Live Response” feature to interact with the endpoint, and if warranted by the security team, can automate the isolation of an endpoint during the investigation.
Remove the silos in your organization. Demand interoperability and sharing of threat data. More importantly realize what you’re really striving for is streamlining your teams to be more effective with the security platforms in their environment. Oh and the integration is free! So if you have Corvil Security Analytics and Carbon Black Cb Response do you teams a big favor and get your systems connected. Your team will love you for it.
Come visit us at Splunk .conf.