Incident Response

Respond and remediate faster

Incident response is about getting answers, quickly. You need all the information about on-site activity available to you, at all times. If you’re spending time collecting data after a threat is detected, you’ve already lost. With gapless visibility at your fingertips at all times, you always have conclusive answers to the questions you’re asking.

Cb Response is the market-leading incident response solution.

Capture all threat activity

  • Continuous and centralized recording for zero-gap endpoint visibility
  • Accelerate investigations because the information you need is always available
  • Triage more alerts, faster

Hunt threats in real time

  • Explore your environment
  • Discover threats missed by your defenses
  • Reduce dwell time and damage

Visualize the completed attack kill chain

  • See every detail of how you’re being attacked
  • See where the attacker went and what they did
  • Understand root cause to close gaps and stop future attacks

Respond and remediate

  • Remotely investigate and remediate any endpoint, from anywhere
  • Reduce IT involvement by eliminating unnecessary reimaging

This table uses data from Carbon Black Partners that actively provide IR services and from the Carbon Black SOC to show how incident response times can go from months to minutes with Cb Response:

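|                                       | In-House FTE            | Conventional 3rd Party  | Carbon Black Response     |
|---------------------------------------|-------------------------|-------------------------|---------------------------|
| Endpoint Located                      | 2 hours                 | 2 hours                 | <1 minute                 |
| Forensic resource applied to endpoint | 1 hour                  | 12 hours                | n/a                       |
| Endpoint imaged                       | 6 hours                 | 4 hours                 | n/a                       |
| Endpoint Analyzed                     | 70 hours                | 40 hours                | 10 minutes                |
|                                       | 78 hours (per endpoint) | 58 hours (per endpoint) | <15 minutes (per endpoint) |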
