Endpoint Threat Detection: Detect Attacks in Real Time Without Relying on Signatures
Threat Intelligence Cloud
Single Solution for Instant, Aggregated Threat Intelligence
The Bit9 + Carbon Black Threat Intelligence Cloud offers a comprehensive, aggregated advanced threat intelligence solution that combines Bit9 + Carbon Black’s leading software reputation and threat indicator services with third-party intelligence sources to provide some of the industry’s most powerful, correlated and accurate threat insight. No single vendor has a lock on the world’s threat intelligence, and organizations need to combine threat intelligence from a variety of proprietary and third-party sources. That is why the Threat Intelligence Cloud combines Bit9 + Carbon Black’s proprietary threat intelligence with comprehensive attack classification from industry-leading third-party intelligence sources.
Bit9 + Carbon Black’s Threat Research Team produces threat intelligence by analyzing data from millions of endpoints, giving it a unique insight into threat behaviors. This results in two cloud-delivered services: threat indicators for emerging attacks and reputation intelligence for known-good, known-bad and unproven software. The combination of this aggregated intelligence—seamlessly integrated with both the Bit9 and Carbon Black solutions—enables you to build custom detection events tailored for your business, accelerate investigations during a response, proactively hunt for threats and define trust policies for multiple forms of threat prevention.
Threat Indicator Service to detect malicious behavior and compromise
The Bit9 + Carbon Black Threat Research Team analyzes the data from millions of endpoints to design and publish actionable indicators of malicious attack behavior and compromise. These threat feeds enable security teams to monitor and examine threat vectors across systems, such as files executing from the recycle bin, suspicious process names or extensions, backdoor installations, ransomware, host file modifications, firewall tampering, malformed documents, suspicious attack processes and more. These indicators are continuously evolving to adapt to the changing tactics of today’s threat actors.
Reputation Service for trust ratings of known-good, known-bad and unproven software
The Threat Intelligence Cloud’s Reputation Service delivers unmatched reputation intelligence on known-good, known-bad and unproven software, giving IT and security teams actionable intelligence about the software installed within their enterprise. These trust ratings can be leveraged to build custom detection events, prioritize investigations and define threat prevention policies.
Attack Classification Service for third-party attack context and attribution
The Threat Intelligence Cloud provides comprehensive attack classification by integrating with a robust list of industry-leading third-party sources to help enterprises identify the type of malware and threat actor group behind an attack. By integrating with third-party feeds, the Threat Intelligence Cloud can distribute intelligence from antivirus aggregation engines, malicious domain or Tor node IP addresses, community threat intelligence, the National Vulnerability Database and more.
The Bit9 + Carbon Black Threat Intelligence Cloud is a critical component of both the Bit9 and Carbon Black Security Platforms
Bit9 Security Platform
The Bit9 Security Platform is the most comprehensive endpoint threat protection solution. By continuously monitoring and recording all endpoint activity, Bit9 can prevent, detect and respond to cyber threats that evade traditional security defenses. Bit9’s real-time visibility, cloud-driven reputation, advanced threat indicators, and real-time enforcement engine provide organizations with immediate visibility and granular control over all endpoint activity. This allows Bit9 to deliver real-time signature-less detection of and protection against advanced threats.
Carbon Black is the industry’s first and only endpoint threat detection and response solution for SOC and IR teams that combines continuous recording and live response capabilities to prepare organizations for a breach, instantly isolate endpoint threats, respond in seconds, hunt for threats, terminate ongoing attacks and remediate threats at the moment of discovery. Carbon Black reduces the cost and complexity of traditional incident response by replacing reactive “after-the-fact” manual data acquisition with proactive continuous monitoring and recording of all activity on endpoints and servers. Responders can now dramatically reduce the dwell time of targeted threats with instant attack intervention and remediation of advanced threats. Top IR firms and MSSPs have made Carbon Black a core component of their detection and response services.