Threat Intelligence Cloud
Single Solution for Instant, Aggregated Threat Intelligence
The Bit9 + Carbon Black Threat Intelligence Cloud offers a comprehensive, aggregated advanced threat intelligence solution that combines leading software reputation, threat indicator and attack classification services to provide some of the industry’s most powerful, correlated and accurate threat insight. No single vendor has a lock on the world’s threat intelligence. Organizations need to combine threat intelligence from a variety of proprietary and third-party sources. Only the Threat Intelligence Cloud combines Bit9 + Carbon Black’s unique threat intelligence and industry-leading third-party intelligence sources to empower security professionals to optimize and improve their prevention, detection, response and recovery capabilities.
Threat Indicator Service for detection of malicious behaviors and compromise
The Bit9 + Carbon Black Threat Research Team analyzes the data from millions of endpoints to design and publish actionable indicators of malicious attack behaviors and compromise. These threat feeds enable security teams to monitor and examine threat vectors across systems, such as files executing from the recycle bin, suspicious process names or extensions, backdoor installations, ransomware, host file modifications, firewall tampering, malformed documents, suspicious attack processes, geolocation, spear phishing attacks and more. These indicators are continuously evolving to adapt to the changing tactics of today’s threat actors.
Reputation Service for trust ratings of known-good, known-bad and unproven software and domains
The Threat Intelligence Cloud’s Reputation Service delivers unmatched reputation data on known-good, known-bad and unproven software and domains, giving IT and security teams actionable intelligence about the software installed—and network connections made—within their enterprise. These trust ratings can be leveraged to define endpoint threat prevention policies, build custom detection events and prioritize investigations.
Attack Classification Service for third-party attack context and attribution
The Threat Intelligence Cloud’s Attack Classification Service provides comprehensive attack context and attribution by integrating with a robust list of industry-leading third-party sources to assist enterprises in identifying the type of malware and threat actor group behind an attack. By integrating with third-party feeds, the Threat Intelligence Cloud distributes intelligence regarding antivirus aggregation engines, malicious domain or Tor Node IP addresses, command-and-control communications, community threat intelligence and more.
The Bit9 + Carbon Black Threat Intelligence Cloud is a critical component of both the Bit9 and Carbon Black Security Platforms
Bit9 Security Platform
The Bit9 Security Platform is the industry’s most comprehensive endpoint threat protection solution and the world’s most widely deployed whitelisting solution. With a single agent, Bit9 continuously monitors and records all endpoint and server activity to prevent, detect and respond to cyber threats that evade traditional security defenses. Together, Bit9’s real-time endpoint recorder, cloud-driven threat intelligence and open API architecture provide organizations with real-time visibility; signature-less detection; multiple forms of advanced threat prevention; a full record of endpoint activity to rapidly respond to alerts and incidents; and unmatched flexibility to seamlessly integrate with both in-house and third-party tools.
Carbon Black is the first and only endpoint threat detection and response platform that enables SOC and incident response (IR) teams to prepare for a data breach through continuous endpoint recording, customized detection, live response, remediation, and threat banning. Built entirely on open APIs, Carbon Black delivers an unmatched ability for responders to both “pull in” capabilities from other security solutions and threat intelligence as well as expose and “push out” the data captured by Carbon Black and its full feature set to third-party or homegrown security products. Carbon Black makes advanced threats easier to see and faster to recover from by empowering SOC and IR teams to arm their endpoints against the most advanced and targeted attacks. Top IR firms and MSSPs have made Carbon Black a core component of their detection and response services.