Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is an excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black’s NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo, every Wednesday at 2PM EST, 11AM PST.
Preparing for NGAV at Scale
Stopping Attacks in Progress Starts with Asking the Right Questions
During a response scenario, every minute counts. The longer it takes to address an issue the more risk your business faces.
Visibility is the foundation of investigation and response. Without a full picture of everything that’s is happening and has happened, response teams are at a significant disadvantage to address threats at their core. Since compromises are measured in a matter of minutes, response teams need to be able to go from a detection of a potential indicator of attack to root cause analysis in nearly the same amount of time if the negative effects of the breach are to be mitigated. To achieve that level of speed, you need the right data and the ability to analyze and prioritize it quickly and efficiently.
After an incident has been discovered, new risks emerge; unscheduled downtime of systems and people can cost the business greatly, and resources dedicated to reimaging can pull away from other critical IT activities. This is a function of the dated separation between IT operations and security; it unnecessarily gets more groups involved to perform time-intensive tasks related to fixing endpoints targeted in an attack.
QUESTIONS TO ASK YOURSELF
- What would you say is your average response time to a security incident (from point of detection to point of resolution)?
- In a typical month how many machines are re-imaged as a result of a security incident?
- How confident are you that your security team can easily search for relevant information about infected endpoints during an investigation?
In response to this, when evaluating NGAV, enterprises should ensure that the platform:
- Provides contextual analysis based on a complete dataset of endpoint events to remove time-intensive forensic activities and fast-track root cause analysis.
- Contains native capabilities to quarantine infected machines and address their issues remotely.
- Supports intuitive search functions that helps responders find the right information quickly and effectively.
WHAT DOES CARBON BLACK PROVIDE?
Cb Defense provides administrators with some of the fastest ways to investigate and remediate attacks in progress, eliminating uncertainty and reducing downtime:
- Faster, more precise investigations to reduce exposure
- Real-time remediation of any endpoint from a central console
- Get end users back to work quickly without calling IT
KEY FEATURE: Live Response
Cb Defense enables responders to establish a secure remote shell into any system to get information, perform memory dumps, or run scripts for full remediation in minutes whether or not they are on your corporate network.
KEY FEATURE: Enhanced Search
Cb Defense allows your to search based on key-value categories with auto-populated search suggestions, making it really easy to run more advanced and specific searches to quickly find the information you are looking for.
Thanks for joining us as we explore “Preparing for NGAV at Scale,” our in-depth guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV. You can click here to get a copy of the full report. Join us next week as we continue to profile this report.