Threat Detection

Detect Even the Most Advanced Attacks in Real-Time

Carbon Black provides the most complete and actionable detection, made possible by industry-leading threat intel, including reputation analysis, attack classification and attribution. This valuable context empowers security teams to quickly understand which alerts require investigation and to respond in seconds.

Traditional security measures can’t discover the sophisticated hidden threats prevalent in today’s security landscape.

Alternative modern detection solutions rely on knowing what’s bad ahead of time, or use algorithms based on ‘known bad’ indicators of compromise. No single vendor has a lock on the world’s threat intelligence and once a file is known to be bad, it may already be too late. In many cases, the alerts are just symptoms of compromise, with no context to trace the detected threat back to the root cause of compromise.

For a deeper and more complete detection strategy, a new approach is required.

It tracks everything. Really. It correlates and provides a timeline of events. You can literally peruse the killchain. You can also find out every place a file exists, and you can ban it, making it very easy to stop an infection.
Customer Information Technology & Services

Record. Centralize. Retain.

Carbon Black Security Platform provides complete and actionable detection by leveraging the combination of continuous endpoint recording, centralized storage and long-term retention.

  • This system of record makes it easier for defenders to correlate processes and behavioral patterns across multiple endpoints
  • Data is also instantly enriched with aggregated threat intelligence – delivered by Carbon Black Threat Intel – for a complete, contextual picture of an attack.

When alerts are generated, you know how the threat landed on your corporate infrastructure and how the attack is spreading, giving you precise root cause and comprehensive scoping for response and remediation efforts.

Customized and Optimized Detection

Carbon Black Security Platform enables security teams to create customized watchlists of suspicious activities and behaviors that they’ve already seen in action, or have learned about through Carbon Black Threat Intel services.

  • Design and receive advanced threat detection optimized for your organization
  • Tailor detection strategies to your organizational risk profile and industry vulnerabilities
  • Prevent patterns of attack from successfully repeating by banning behaviors and processes

With Cb Security Platform, defenders are in control of their own customized alerting strategy.

Detection Powered by United Intelligence

Carbon Black Threat Intel is the world’s leading source for detection, reputation and attack classification services – enriching threat detection and analysis services with real-time data from millions of endpoints and a global network of intelligence partnerships.

Armed with unique endpoint telemetry and the latest threat research, Carbon Black Threat Intel goes beyond traditional IOC-based threat intelligence services.

Detect Patterns NOT Indicators of Attack

Detection that goes beyond indicators of compromise and identifies unique patterns of compromise.

  • Patterns are continuously evolving to adapt to the changing tactics of today’s threat actors and deliver a broader and more actionable level of detection
  • Strips attackers of their advantage, by detecting the way they work rather than the specific tools they use
  • Better zero-day detection than IOCs alone

Available to Carbon Black Security Platform customers, these pattern-based detection feeds enable security teams to monitor and examine threat vectors across systems.

Reduce Alert Fatigue

With trust ratings on more files than any other provider, Carbon Black Threat Intel delivers unmatched reputation regarding known-good, known-bad and unproven software and domains.

  • IT and security teams have actionable intelligence about the software installed—and network connections made—within their enterprise
  • Trust ratings can be leveraged to define endpoint threat prevention policies, build custom detection events and prioritize investigations

Detect the Enemy – Not Just The Threat

Detecting a threat is more useful when you understand your enemy’s tactics and motivation.

  • Comprehensive attack context and attribution to help identify the threat actor group behind an attack
  • Contextual information on the type of attacker, country of origin, related attacks, and known tactics, techniques and procedures unmasks your enemy

Organizations can move from reacting to compromise to proactively working to disrupt their adversary.

White Paper: Patterns of Compromise & Intelligence-Driven Threat Detection
Today’s attackers are more sophisticated and persistent than ever before. Advanced malware and attack techniques have become one of the biggest concerns to organizations, and it’s extremely difficult for security teams to keep pace.