(Editor’s Note: This blog and accompanying image originally appeared on LinkedIn Pulse and are being republished with permission from the author.)
I was recently given the privilege of attending a conference at Langkawi Island in Malaysia: the Carbon Black conference hosted at Berjaya Resort. The event had all the elements of a quality conference: engaging presenters, interesting content and fantastic networking opportunities. From a private cabin overlooking the sea, with monkeys and other wildlife running rampant (including geckos crossing the stage during presentations!), the ambience outside the conference events was like paradise. Add in fantastic food and a dinner with a performance on the beach, and there was very little that could have made it better!
Before I go on, this article will be slightly different to my usual opinion format; since in this case I am writing in the capacity of my role at The Missing Link, as an architect “Vendor Champion” for Carbon Black. Regardless, I am genuinely excited to see that Carbon Black has been working on something I wish all vendors had been focusing on for many years… so please do read on!
Consolidated Endpoint Security
One of my biggest gripes for many years has been the excessive complexity of “holistic” security. Far too often the impact on both end users and staff is overlooked from people, process and technology perspectives. Achieving a “secure” operating environment has often comprised a pea-soup mishmash of agents and processes, bringing with it a heavy footprint on the endpoint, complex management through multiple consoles and interfaces, disjointed data and reporting, and of course mixed levels of efficacy. Nowhere is this more obvious than with the multitude of endpoint solutions out there that offer everything under the sun, from web browser extensions to DLP. This is a problem, as many vendors spread themselves too thin in an effort to grab a wider market share, rather than focusing their efforts on doing what they do exceptionally well. This, I’m grateful to see, is not the case with Carbon Black.
Rather than focus on ancillary features, Carbon Black has gone back to basics and focused on the data. The result of their efforts is a consolidated cloud-hosted platform, the “Predictive Security Cloud”, or PSC for short. This is a master-stroke by Carbon Black, as it enables consolidation of all Carbon Black’s offerings into one agent with one console, underpinned by a single dataset shared by all components. I will dive into this a bit further in a moment, as this sentence alone doesn’t even come close to conveying how important this approach is for security in general!
I alluded earlier to the challenge of disjointed data, reporting and management. It’s no mean feat to bring order to the chaotic state that is endpoint security in this day and age. Gone are the days where we installed an “Anti-Virus” agent and updated it from a 3.5″ floppy disk on a weekly (if that!) basis. These days, the bare essentials of endpoint security encompass everything from user training to application whitelisting. For those of you familiar with existing Carbon Black offerings, including Cb Protection (application whitelisting), Cb Response (incident response) and Cb Defense (next-gen anti-virus and EDR), you would no doubt be familiar with the different consoles, deployment models and types of data collected by each. Through the Predictive Security Cloud, Carbon Black aims to consolidate all these offerings into a single platform, starting with Cb Defense. At this point, you may be thinking – why is this any different from vendor x or y? But think back to the basics of what only cloud offers: (near) infinite scalability and resources. Add to that a mountain of data, intelligent algorithms and analytics, and voila! “Predictive Security.”
This “predictive” approach is unique, and could only be enabled through a unified vision with a focus on data (incidentally, Focus was also the name of the Carbon Black conference). There’s a nuance to Carbon Black’s approach here. Most of us working in security would be familiar with the very “reactive” approach to data collection taken by most security products: they rest on the assumption that a threat is only a threat once it has been identified, and so only start gathering detail once something has been flagged. Carbon Black instead leverages the cloud to its fullest: endpoints collect data constantly, whether or not a threat has yet been identified, so the evidence is already there when a threat is later recognised.
Maximising an Existing Investment
I’d be hard pressed to name an organisation that doesn’t have at least *some* on-premises virtual infrastructure somewhere within their environment. It’s even harder to name a company that isn’t using VMware to host that virtual infrastructure. Improved hardware utilisation is one of the key benefits associated with virtualisation: rather than having 100 servers running at 10% utilisation, you may have 20 servers running at 50% utilisation to host the same workload. This has now moved into the next generation of data centre, the “software defined data centre” (SDDC), but carries with it the same challenges of how to protect it.
Carbon Black has developed an exclusive partnership with VMware, in developing Carbon Black for VMware. The partnership sees a tightly-integrated solution with VMware’s AppDefense offering, making it possible to stop both malware and non-malware attacks on virtual infrastructure without the need for heavy security applications wasting resources on every individual virtual machine. The resulting solution enables automated and orchestrated response from a central management console.
Having visibility and central consoles is only useful if a business has the skills and technology to make use of them. However, not every business has the resources to operate its own incident response team or SOC. To fill this gap, Carbon Black has announced a managed threat-hunting service known as “ThreatSight”. Offering 24×7 coverage and triage, backed by global threat intelligence and a team of world-class experts, the service provides an early warning system and root cause analysis of threats identified through Cb Defense.
Where to next?
Like any vendor, there are components of the roadmap that are tightly-guarded secrets and cannot be revealed. Those which were revealed include vulnerability and patch management, which could be very exciting developments indeed!
There’s a good reason The Missing Link chose Carbon Black as our Tier 1 vendor for endpoint security. There are many vendors in this industry, but few offer true enterprise-grade solutions that cover the full attack chain with the level of integration being promised. Whilst it will take some time to realise the full vision of a tightly-integrated platform offered by the Predictive Security Cloud, you can rest assured that the best is yet to come!