Threat Hunting

Threat Hunting

Stay One Step Ahead of Adversaries

Threat hunting is the evolution of detection. It turns the tables on adversaries by combining human knowledge and intuition with technology to proactively disrupt hidden threats. Hunting requires continuous recording and a centralized repository of endpoint activity that only Carbon Black can provide, so defenders can actively search for potential compromise, instead of waiting for detection alerts.

Related Resources

White Paper: Next-Generation Endpoint Security
White Paper: Next-Generation Endpoint Security

The definitive guide for how to secure your endpoints against today’s advanced threats.

White Paper: Advanced Threat Hunting with Carbon Black
White Paper: Advanced Threat Hunting with Carbon Black

With the number of advanced attacks increasing every day—most undiscovered through traditional detection and response solutions—truly hunting for threats and malware within your environment can be a laborious task.

Beyond Traditional Detection & Response

You’re not fighting malware, you’re fighting humans who are combining their intellect and reasoning with tools to create and hide threats. With the number of advanced attacks increasing every day—most undiscovered by traditional detection and response tools—truly hunting for threats within your environment can be a laborious task unless you have complete visibility into what’s happening on every endpoint.

Carbon Black delivers the most complete solution to hunt for threats, accelerate threat discovery, respond in seconds and proactively prepare for compromise.

In the hands of a defender, Carbon Black makes it possible to explore the darkest corners of an enterprise:

  • Are abnormal user accounts being accessed?
  • Do Windows processes have unusual parents?
  • Are IE, Acrobat, Word, Notepad, etc., spawning child processes?
  • Are Office applications making outbound connections?
  • Is Java spawning command shells?
  • Is cmd.exe running as system?
  • Are user accounts being added locally?
  • Are thousands of files being modified by a single process?
  • Are ftp or robocopy being used?
  • Are processes executing that don’t have an .exe or .scr extension?
  • Are there abnormalities in any command line used by net.exe?
  • Is PowerShell.exe being used when it shouldn’t?
  • Are there abnormal logins when mapping user account activity to hosts?


66% of enterprises suffered successive false alarms from their detection solutions.
SANS Institute
52% of responders lack the necessary visibility into endpoint vulnerabilities.
SANS Institute
90% of attacks take days or less to compromise an enterprise.
Verizon Data Breach Investigations Report

Faster detection means

Shorter dwell time

Smaller scope for your incident response

Less damage to your business

Invest in tools that enable humans to make quick decisions

Simplify threat hunting

With centralized data collection and retention so there’s one system of record of everything happening on your endpoints.

Root cause is easier to pinpoint

Attacks are stopped quickly before inflicting damage.

Mitigate the risk of compromise

By disrupting threats before they spread with live containment and response capabilities.

Eliminate the threat discovery gap

By hunting past and present threats, expanding detection beyond the point of compromise.

Catch threats quickly

With real-time application of aggregated threat intelligence from multiple trusted sources.

Join a Community of Experts

Hit Back with a United Front. Carbon Black is the industry leader and the top choice of security executives. Join a community of more than 2,000 forward-thinking enterprises, backed by 70+ top incident response (IR) firms and managed security service providers (MSSP) who have made Carbon Black a core component of their response strategies for: