Cb Connect 2018 | Power of You | Register Now


Announcing the July ‘17 Release of Cb Defense

July 6, 2017 / Allen Lieberman

(Editor’s Note: If you are looking for the May 2017 Cb Defense release content, please scroll to the bottom of this page.)

This week, we’re happy to announce the rollout of the July ‘17 update of Cb Defense.

Following the May ‘17 release, we heard a tremendous amount of positive feedback on the new user interface and Attack Visualization within Cb Defense. In the July ‘17 release, we have enhanced the user experience for the capabilities that were introduced in May, continued to evolve the prevention capabilities of CB Defense, and made it easier for new users of Cb Defense to get the most out of the solution.

The July ‘17 release is being rolled out throughout the first half of this month. For more detailed information about what’s included in this release, Cb Defense users can view the Release Notes or the updated Cb Defense User Guide. Below are some of the highlights of this release.

Faster Triage & Remediation

A handful of improvements to the Attack Visualization make it simpler than ever to completely understand each alert so users can take the proper actions to take to remediate, if necessary.

Following the May release, a common suggestion from customers was that the attack visualization should show where each attack was stopped. The attack visualization graph now uses icons to indicate where in the attack kill chain an operation was denied or terminated.

We have made a number of other enhancement to improve the usability of Cb Defense. These improvements help you better understand events within your environment and accelerate triage.

  • Information at the very top of the Triage Alert page has been updated to align with the Threat Categories on the dashboard (Non-Malware, Potential Malware, Known Malware and PUPS).

  • The legend for the attack visualization has been moved the to the top of the graph to make it more accessible.

  • On the attack visualization graph, the selected node will now be highlighted to make it easier to see which process you’re viewing information about.

  • The Take Action button has also been further emphasized to make it easier to find your best options for responding to an attack.

All of these improvements cut down on the time it takes users to understand an alert.

Improved Non-Malware Prevention

The July release includes new streaming prevention capabilities for attacks that involve command interpreters. These tactics are commonly used in document-based attacks.

For example, an attacker may attempt to launch a command interpreter from a Microsoft Office application as their primary way of controlling the endpoint. Cb Defense now allows these detected events to be used in policies to automatically deny the operation or terminate the process.

Better Out-of-the-Box Experience

An updated set of default policies in Cb Defense provides new administrators with improved prevention efficacy right out-of-the-box. These new default policies are designed to simplify initial setup and allow for quick migration as customers evolve through their deployment.

Microsoft Windows Security Center Compatibility

Cb Defense now features integration with Windows Security Center and is officially a Microsoft certified antivirus solution. This integration allows users and administrators to select Cb Defense as the primary virus protection solution in the Security and Maintenance screen on Windows machines.

At its core, this release focuses on making it easier than ever to respond to events that occur within your environment and improving prevention against modern attacks.

We look forward to hearing feedback on this release and moving forward together.


May 2017 Cb Defense Update 

This update focuses on improving the usability of Cb Defense by providing customers with an all new user experience that enables succinct environment health checks, easier executive-level reporting and faster incident response. The new UX also provides an increased ability to quickly understand the root cause of an attack, enabling responders to take the right action to remediate.

Below are the most significant functional improvements included in the May update of Cb Defense along with a workflow comparison to the prior release.

(For more detailed information about what’s included in this release, Cb Defense users can also view the Release Notes or the updated User Guide.)

New Dashboard

The new Cb Defense dashboard is designed to speed users through their workflow. It arranges environment-wide data into categorized modules, making it easier than ever for users to understand the health of the entire environment.

Every number shown on the dashboard is now clickable, which takes users to a filtered search that shows only the alerts included in that specific vector and timeframe.

This dashboard also makes it much easier to communicate information stakeholders inside their organization. With the click of a button users can export underlying data, either from the entire full dashboard or from a specific module, and instantly download it as a .CSV file.

Attack Visualization

Attack visualization provides a step-by-step interactive graphic of the attack. In addition, detailed origin and behavioral data is provided, so defenders can understand what occurred on the endpoint and why a Cb Defense alert was triggered.  

This single page gives new and sophisticated users what they need to understand the activity associated with a threat and enables them to take the right action to remediate.

Performing Tasks with the new UX

Let’s take a look at some of the most common tasks in Cb Defense to show how easy the new UX makes it to get the job done.

“I want to see if there are any suspicious non-malware activities that I should address right away.”

Previous UX New UX (May 2017)

The best way to do this was to start on the Home page and click on “Monitored,” which would take you to the Alerts page where you could adjust the priority filter to determine what alerts were most urgent. From here, you’d want to look through the list of alerts to determine which, if any, were triggered based on potential non-malware attacks.

(click on the .gif to expand)

The new “Attacks Detected” module on the Dashboard gives you an overview of attacks that have been detected. This module shows attacks detected and groups the attacks into categories. You simply click the “Non-Malware” category and you’ll be taken to a filtered page showing all non-malware alerts that were detected.

(click on the .gif to expand)


“I need to know what caused an attack, but I don’t have time to sift through alerts.”

Previous UX New UX (May 2017)

The best way to do this was to identify the alert associated with the event and click the magnifying glass icon. That would take you to the list of actions that are associated with that alert. This Investigate page contained the pertinent information, which required a read to understand the root cause of the attack.

(click on the .gif to expand)

Go to your desired alert and click the branching icon. Now, you can quickly understand the alert via visual representation. You can glance at processes, files and network connections that were part of the attack, and understand other TTPs and address the root cause of the attack.

(click on the .gif to expand)


“My boss just asked for a system health report of our entire environment.”

Previous UX New UX (May 2017)

Cb Defense is used to present information to a wide variety of security constituents. However, it was challenging to get a consolidated view that was easily understandable with the right level of detail. There are ways to export dat,a however users often relied on  taking screenshots of the home page to disseminate information.

(click on the .gif to expand)

Now, from the Dashboard, customize the time frame that you’d like to report on, then you can easily export underlying data from the entire environment or an individual module with the click of a button. The data is immediately downloaded as a .CSV file so you can tailor it to your needs and communicate efficiently with your team.

(click on the .gif to expand)


The May release of Cb Defense represents a monumental leap forward in the accessibility and usefulness of NGAV solutions across organizations of all sizes, from the SMB to enterprise.

We look forward to this roll out, which will be completed over the next several days, and continuing to help you defend against modern attacks.

TAGS: Carbon Black / Cb Defense / July Update / NGAV