Bit9 + Carbon Black Network Integration with FireEye

Bit9 + Carbon Black Extends Real-Time Malware Detonation to the Endpoint

Bit9 + Carbon Black deliver a first-of-its-kind integration with FireEye NX, EX and FX Series Platforms to correlate network and endpoint/server security threat intelligence for comprehensive advanced threat protection. This integration reduces the overall operational effort of managing network and systems security, accelerates incident response time and improves your organization’s overall security posture.


The Bit9 + Carbon Black Connector for FireEye delivers real-time security for two major use cases:

  1. Files that arrive on the network are automatically categorized by FireEye with malware alerts sent to the Bit9 + Carbon Black Security Platform. These alerts are immediately correlated with Bit9 + Carbon Black’s up-to-the-second endpoint and server data to confirm the location, scope and severity of the threat across the enterprise. This enables security teams to:
    • Prioritize network alerts based on how many machines have been infected and whether the malware has executed.
    • Investigate the scope of threats using the recorded details of every endpoint and server to trace the root cause and progression of the attack.
    • Remediate endpoints and servers by knowing precisely which machines are impacted and need attention, and automatically ban files from executing based on FireEye-detected malware.
  2. Bit9 can retrieve any file from any endpoint or server—automatically or on-demand—and have FireEye detonate it to analyze the file and assess its risk level. This enables security teams to:
    • Ensure every new file on any endpoint or server is safe. Security teams also can write rules to determine which files should be automatically submitted to maximize coverage while minimizing network traffic.
    • Analyze any file on any endpoint or server with just a few clicks. Often security analysts need to determine the risk level of a particular file. Now they can use Bit9 to retrieve the file from any endpoint or server and directly submit it to FireEye for detonation.
    • Automatically block the execution of files on endpoints or servers based on detonation results. Bit9 can automatically ensure that any file deemed malicious by FireEye can never execute again throughout the enterprise.

Video: Bit9+CarbonBlack integration with FireEye
Demo: Bit9+CarbonBlack Network Integration for FireEye

Technical White paper:
Bit9 + Carbon Black for FireEye


Data sheet:
Bit9 + CarbonBlack for FireEye
