Bit9 + Carbon Black for Palo Alto Networks

Bit9 + Carbon Black extends real-time malware detonation to the endpoint.

Bit9 + Carbon Black delivers a first-of-its-kind integration with Palo Alto Networks Next-Generation Firewall and WildFire solutions to correlate network and endpoint/server security threat intelligence for comprehensive advanced threat protection. This integration reduces the overall operational effort of managing network and systems security, accelerates incident response time and improves your organization’s overall security posture.

Palo Alto and Bit9+CarbonBlack Integration Diagram

The Bit9 + Carbon Black Connector for Palo Alto Networks delivers real-time security for two major use cases:

  1. Files that arrive on the network are automatically categorized by Palo Alto Networks, with malware alerts sent to the Bit9 + Carbon Black Security Platform. These alerts are immediately correlated with Bit9’s up-to-the-second endpoint and server data to confirm the location, scope and severity of the threat across the enterprise. This enables security teams to:
    • Prioritize network alerts based on how many machines have been infected and whether the malware has executed.
    • Investigate the scope of threats using the recorded details of every endpoint and server to trace the root cause and progression of the attack.
    • Remediate endpoints and servers by knowing precisely which machines are impacted and need attention, and automatically ban files from executing based on Palo Alto Networks-detected malware.
  2. Bit9 can retrieve any file from any endpoint or server—automatically or on demand—and have Palo Alto Networks WildFire detonate it to analyze the file and assess its risk level. This enables security teams to:
    • Ensure every new file on any endpoint or server is safe. Security teams can also write rules to determine which files should be automatically submitted to maximize coverage while minimizing network traffic.
    • Analyze any file on any endpoint or server with just a few clicks. Often security analysts need to determine the risk level of a particular file. Now they can use Bit9 to retrieve the file from any endpoint or server and directly submit it to Palo Alto Networks for detonation.
    • Automatically block the execution of files on endpoints or servers based on detonation results. Bit9 can automatically ensure that any file deemed malicious by Palo Alto Networks can never execute again throughout the enterprise.