Historically, large enterprises have been forced to make a choice between the best solution for their security teams and a solution that complies with IT requirements. Today, security teams and IT teams are no longer forced to make that choice. Cb Response is both.
Earlier today, we announced the release of Cb Response 6.0, which eliminates the infrastructure conflict that currently exists between security teams and IT when it comes to securing the business.
Cb Response Scaling
Cb Response 6.0 scales to the largest of enterprises, supporting hundreds of thousands of endpoints and features a new, innovative system architecture for on-premises deployments. With Cb Response 6.0, we’re decoupling storage from processing. If you want to keep your data longer, just add disks, not servers. This additional scaling marks a 3X improvement over previous versions, something our team, our customers, and large enterprises around the world are very excited about.
Cb Response 6.0 also features a new UI built to accelerate search and proactive threat hunting. Quick and agile search features via a new Process-Timeline View enable investigators to zoom in on specific time frames via click-and-drag functions or broadly view the timeline to note anomalies. With the new drill-in and zoom-out features, no attack is too big or too small to handle.
Benefits of Cb Response
When Ben Johnson and I created Carbon Black in 2010, we had a clear goal – make the lives of incident responders easier by making their investigations significantly faster. The original version of Carbon Black sped up the investigation process by continuously recording the right data so investigators could answer their questions quickly and conclusively. It was a significant leap forward for incident responders and the security industry as a whole.
Today, if you’re not using Cb Response, you can expect to spend about 78 hours conducting an incident response investigation. With Cb Response, the same investigation takes less than 15 minutes. When it comes to identifying the root cause of the attack, Cb Response accelerates the process from 20 hours to less than 10 minutes, regardless of the size or scope of the incident.
During investigations, finding root cause is absolutely critical. Without root cause, security teams will never close the door to similar attacks in the future and never get ahead of attackers. Without root cause, security teams are playing the proverbial game of “Whac-A-Mole” we often hear about.
Cb Response is the only security solution on the market right now providing instant and complete visibility to pinpoint an attack’s root cause in minutes, no matter how complicated or large the attack is. As leading security minds from Gartner, NIST and others have recommended, security is a constant evolution. With root cause and conclusive remediation, your security team can constantly evolve.
Cb Response vs. Tanium
This depth of visibility extends far beyond what our competitors can offer, including Tanium, which markets “15-second visibility.” Tanium, while offering quick search, focuses on answering only a single question at a time, is limited to the current state of the machine, and only for machines that are currently online and accessible.
Most incident response investigations involve answering thousands of questions and involve events that have occurred well in the past. Since Tanium cannot answer these questions, incident responders are forced to rely on forensic artifacts and other inconclusive data points – significantly elongating the IR process and leaving teams with merely hypotheses about what happened.
When the fate of your company is hanging in the balance, your security team can’t be handicapped by limited and inconclusive data that’s only accessible nine-to-five.
Continuous Recording and Centralized Data Storage
Effective incident response requires continuous recording and centralized storage. Cb Response pioneered these concepts and quickly became the leading IR product as a result.
Without continuous recording, incident responders are unable to quickly identify an attack’s root cause. Without that information, security teams are unaware of the full impact of the attack and cannot effective remediate. Why would an organization purchase an IR product that cannot answer the main questions of an investigation or find root cause?
With Cb Response, continuous recording provides responders with the ability to understand the full context of an attack by identifying the common patterns attackers exhibit and visibility into all lateral movement.
With centralized storage, the bulk of the work is shifted from endpoints to a server. In Cb Response, security teams can apply worldwide threat intelligence to increase the likelihood of detection and integrate with many other security solutions for united analytics and automated remediation.
Perhaps most importantly, with Cb Response, security teams are empowered by 24/7 detection and response. Centralized data storage means that incident response doesn’t stop when employees shut off their machines.
Cb Response was nominated for the 2017 SC Magazine Excellence Award for “Best Enterprise Security Solution.” We’re very proud of that honor and very proud of what we’ve been able to do with our product since the early days in 2010.
Cb Response 6.0 continues our commitment of making incident responders’ lives exponentially easier. If you’d like to see a demo, click here.