Incident Response

Rapidly analyze, contain, disrupt and remediate attacks

Incident Response Lifecycle



For incident response teams, half the battle is simply collecting the data needed to do the job. Reactively collecting data with dated forensic tools and antivirus products gives little visibility into the full context of an incident and remains laborious and inefficient. Collecting data only after detection is a backwards approach: it makes it nearly impossible to reconstruct lateral movement or the root cause of an advanced attack. Likewise, managing several separate tools for visibility and remediation means administrative credentials are used, and potentially exposed, on hosts the attacker already controls, a poor position for any incident response process.

Recorded history for instant root cause investigations

Bit9 + Carbon Black records a continuous, gapless history of endpoint activity and visualizes the entire attack kill chain, so responders can establish root cause at the moment of discovery instead of reconstructing it afterward. Responders can immediately “roll back the tape” to see how the attack began and what it touched, and security operations personnel can apply what each investigation reveals to improve future processes, procedures and controls.
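The "roll back the tape" step above, as an added example that is not Carbon Black's code or data format: given a recorded process history for one host (process start events with parent pid, path, command line and outbound connections), walk from the alerted process back to its ancestors, find the point where a document or mail handler spawned a shell (the likely entry vector), and list the internal hosts reached by that shell and everything it spawned (the lateral movement). The event list, the internal address ranges and the handler/shell baselines are all constructed assumptions for the example.

```python
import ipaddress
import ntpath
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    """One process-start record from a recorded history (constructed format)."""
    pid: int
    ppid: int
    path: str
    cmdline: str
    start: int                                          # constructed timestamp (seconds)
    netconns: List[str] = field(default_factory=list)   # "ip:port" destinations

    @property
    def name(self) -> str:
        return ntpath.basename(self.path).lower()


# Constructed sample history for a single host; not real telemetry.
HISTORY = [
    ProcEvent(400, 1, r"C:\Windows\explorer.exe", "explorer.exe", 1000),
    ProcEvent(512, 400, r"C:\Program Files\Outlook\outlook.exe", "outlook.exe", 1010),
    ProcEvent(640, 512, r"C:\Program Files\Office\winword.exe", "winword.exe /n invoice.docm", 1100),
    ProcEvent(733, 640, r"C:\Windows\System32\cmd.exe", "cmd.exe /c powershell -enc SQBFAFgA", 1105),
    ProcEvent(801, 733, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -enc SQBFAFgA", 1106, ["203.0.113.7:443"]),
    ProcEvent(850, 801, r"C:\Users\Public\svchost.exe", "svchost.exe", 1120,
              ["10.0.0.22:445", "10.0.0.23:445"]),
]

# Assumed baselines (not Carbon Black's): what the organisation treats as internal,
# which applications open untrusted documents or mail, and which children of those
# applications are suspicious.
ORG_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
DOC_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


def index_by_pid(history: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in history}


def ancestry(idx: Dict[int, ProcEvent], pid: int) -> List[ProcEvent]:
    """Follow ppid links from the alerted process back to the root; leaf first."""
    chain: List[ProcEvent] = []
    seen = set()
    cur = idx.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)            # guards against pid reuse or cycles in the recording
        chain.append(cur)
        cur = idx.get(cur.ppid)
    return chain


def entry_point(chain: List[ProcEvent]) -> Optional[Tuple[ProcEvent, ProcEvent]]:
    """Earliest doc-handler -> shell spawn on the chain, reading root to leaf."""
    ordered = list(reversed(chain))
    for parent, child in zip(ordered, ordered[1:]):
        if parent.name in DOC_HANDLERS and child.name in SHELLS:
            return parent, child
    return None


def descendants(history: List[ProcEvent], pid: int) -> List[ProcEvent]:
    children: Dict[int, List[ProcEvent]] = {}
    for e in history:
        children.setdefault(e.ppid, []).append(e)
    out, stack = [], [pid]
    while stack:
        for c in children.get(stack.pop(), []):
            out.append(c)
            stack.append(c.pid)
    return out


def lateral_movement(history: List[ProcEvent], pid: int) -> List[Tuple[int, str, str, int]]:
    """Internal destinations contacted by the given process and everything it spawned."""
    subtree = [index_by_pid(history)[pid]] + descendants(history, pid)
    hits = []
    for e in subtree:
        for dest in e.netconns:
            ip, port = dest.rsplit(":", 1)
            if any(ipaddress.ip_address(ip) in net for net in ORG_NETS):
                hits.append((e.pid, e.name, ip, int(port)))
    return hits


def investigate(history: List[ProcEvent], alerted_pid: int) -> dict:
    """Root-cause walk: ancestry, entry vector, and lateral movement from the entry shell."""
    idx = index_by_pid(history)
    chain = ancestry(idx, alerted_pid)
    result = {"chain": [e.name for e in chain], "entry": None, "lateral": []}
    ep = entry_point(chain)
    if ep:
        parent, child = ep
        result["entry"] = (parent.pid, parent.cmdline)
        result["lateral"] = lateral_movement(history, child.pid)
    return result


if __name__ == "__main__":
    print(investigate(HISTORY, 850))
```

Run against the constructed history, the alert on the rogue svchost.exe (pid 850) walks back through powershell.exe and cmd.exe to winword.exe opening invoice.docm, and the entry shell's subtree shows SMB connections to two internal hosts, which is the scope the responder needs before isolating or banning anything. The `seen` set matters on real data, where pid reuse can make a recorded parent link point at a later, unrelated process.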

One-click endpoint isolation for immediate threat containment

Responders can contain an active intrusion remotely by isolating one or many endpoints so they can no longer communicate with the rest of the network. An isolated endpoint keeps its connection to the server, so IR teams can continue conclusive, surgical investigations whether the endpoint is on or off the corporate network.

Live response for endpoint threat inspection, termination & remediation

With live response, responders can see the current state of an endpoint, run remote live investigations, intervene in an ongoing attack, and remediate endpoint threats immediately. Responders can “look” at and “touch” an endpoint and act on it during an investigation, even while the endpoint remains isolated from the rest of the network.

Endpoint threat banning for instant attack disruption & recovery

With endpoint threat banning, responders can stop, contain and disrupt an advanced threat and block the banned files from executing again. Combined with endpoint isolation and live response, this lets responders recover from advanced threats faster than any other endpoint threat detection and response solution on the market.

Bit9 + Carbon Black reduces the cost and complexity of traditional incident response by replacing reactive, “after-the-fact” manual data acquisition with proactive, continuous monitoring and recording of all activity on endpoints and servers. Responders can dramatically reduce the dwell time of targeted threats through instant intervention and remediation.

Bit9 + Carbon Black