Mike Viscuso founded Carbon Black following a 10-year career in offensive security for the NSA and CIA. Carbon Black was Mike’s first time on the defensive side of cybersecurity. He came to the job with more than just a mastery of the tools and techniques used by attackers; Mike brought a state of mind to defensive security that was distinct.
THINKING LIKE AN ATTACKER
Attackers are like treasure hunters. They are incredibly diligent and relentlessly tenacious. They patiently investigate their targets, gathering every shred of information they can get their hands on to find the weaknesses they can exploit.
It’s that deep attention to detail, amplified by sophisticated tools, which make the best attackers so good at what they do. And Mike, now a defender, was expecting to see the same patterns on the defensive side.
However, after nine months of responding to incidents with the limited tools available to him, Mike sat down and asked his team one question, “Is this it?”
THE SOLUTION IS IN THE DATA
The tools available to defenders were simply never going to catch a guy like Mike, let alone the increasingly sophisticated threats organizations were facing in the years to come. There wasn’t enough information for a defender to adequately do their job.
It was on this principle that Carbon Black was founded: a “surveillance camera” for the endpoint that collects unfiltered data and continuously stores it in a centralized location where defenders can rewind the tape at any time to see what happened.
The key to making this work was to capture activity at the endpoint and centralize it without filtering anything out; in other words, UNFILTERED DATA. Every other endpoint security solution on the market filters out endpoint data that is regarded as unrelated to a threat — but that’s exactly how attackers hide their new techniques. They rely on the inability for defenders to see new patterns.
However, when you capture unfiltered data from the endpoint, you can see these new techniques. You can predict new threats. You can detect and stop new attacks. You can see the patterns everyone else is missing, share them, and the attackers can never use those techniques again.
Unfiltered data is how we tilt the advantage back to the defender. Hear Mike’s own words here.