Advanced Threat Detection

Detect attacks in real time without signatures

No single vendor has a lock on the world’s threat intelligence and enterprises cannot know what’s bad ahead of time. Signature-based detection solutions are only effective at detecting opportunistic threats that find value in scale of access and deploy their malware widely. For advanced threats, a different approach is required.



Real-time customized detection techniques that go beyond signatures

With Bit9 + Carbon Black, you can build robust and actionable detection by leveraging the combination of continuous endpoint recording and instant, aggregated threat intelligence—delivered from the Bit9 + Carbon Black Threat Intelligence Cloud. This enables you to reduce alert fatigue by receiving and designing advanced threat detection optimized for your organization. No testing and updating .dat files—just immediate, proactive and signature-less detection.


Leverage the power of the Bit9 + Carbon Black Threat Intelligence Cloud


The Bit9 + Carbon Black Threat Intelligence Cloud offers a comprehensive, aggregated advanced threat intelligence solution that combines Bit9 + Carbon Black’s leading software reputation, threat indicator and attack classification services to provide some of the industry’s most powerful, correlated and accurate threat insight. This enables your enterprise to build powerful advanced threat detection techniques that are customized and tailored for your specific business or industry.

Threat Indicator Service for detection of malicious behaviors and compromise

The Bit9 + Carbon Black Threat Research Team analyzes the data from millions of endpoints to design and publish actionable indicators of malicious attack behaviors and compromise. These threat feeds enable security teams to monitor and examine threat vectors across systems such as files executing from the recycle bin, suspicious process names or extensions, backdoor installations, ransomware, host file modifications, firewall tampering, malformed documents, suspicious attack processes, geolocation, spear phishing attacks and more. These indicators are continuously evolving to adapt to the changing tactics of today’s threat actors.

Reputation Service for trust ratings of known-good, known-bad and unproven software and domains

The Threat Intelligence Cloud’s Reputation Service delivers unmatched reputation regarding known-good, known-bad and unproven software and domains giving IT and security teams actionable intelligence about the software installed—and network connections made—within their enterprise. These trust ratings can be leveraged to define endpoint threat prevention policies, build custom detection events and prioritize investigations.

Attack Classification Service for attack context and attribution

The Threat Intelligence Cloud’s Attack Classification Service provides comprehensive attack context and attribution to assist enterprises in identifying the type of malware and threat actor group behind an attack. This provides enterprises with an understanding of the type of attacker, country of origin, related attacks, and their tactics, techniques and procedures to optimize endpoint threat prevention, detection and response efforts.

Bit9 + Carbon Black also integrates with third-party security solutions such as network security providers. This expands your security team's detection footprint, enabling you to build best-of-breed detection so that you can monitor across every threat vector and optimize your detection.

Bit9 + Carbon Black