
Partner Perspectives: Containing and Recovering from Incidents with the Help of Minerva Labs and Carbon Black

July 11, 2018 / Lenny Zeltser

Lenny Zeltser is a VP of Products at Minerva Labs, as well as an author and instructor at SANS Institute.

Despite their efforts to prevent intrusions, enterprises can still face large-scale compromises. When organizations discover numerous endpoints infected with malicious code, how can responders quickly contain the attack and recover?

With endpoint security solutions from Carbon Black and Minerva Labs, responders can safely resolve situations without disrupting business.

Malware Containment at the Endpoint

When malware finds its way around preventative defenses and affects multiple endpoints, Minerva’s Anti-Evasion Platform can be deployed to automatically disrupt the malicious code. Minerva’s technology causes evasive threats to terminate themselves, or crash, allowing the system to continue performing critical business functions. This capability is especially useful when it is impractical for a company to quarantine the affected endpoint.

After the malware is neutralized by Minerva’s Anti-Evasion Platform, Carbon Black products Cb Response and Cb Defense continue investigating the incident to reliably assess the nature of the attack, and eradicate the malicious presence from the environment.

Minerva and Carbon Black’s solutions work together so companies can precisely contain incidents in high-stress environments experiencing large-scale compromises.

Recovering from Ransomware Attacks

Organizations can use Carbon Black and Minerva’s solutions to recover from ransomware infections. Minerva’s Anti-Evasion Platform has the ability to restore documents targeted by malware for destruction.

Carbon Black customers can easily interact with this feature by using the Live Response functionality built into Cb Defense and Cb Predictive Cloud. Incident responders can select the Go Live tool to activate an interactive Carbon Black console, which connects with the affected endpoint and leverages Minerva Labs to restore the destroyed documents. This is possible even if Carbon Black is enforcing a quarantine around the infected endpoint by isolating it from the organization’s network.

The image below shows just how easy it is for Carbon Black and Minerva Labs customers to use the Live Response console to direct Minerva Labs to restore documents. This way, files can be obtained quickly and without ransom. This is one of many ways in which Minerva aids incident responders and strengthens customers’ defense ecosystems that employ other security solutions.

