Carbon Black, a pioneer in next-generation endpoint security delivered via the cloud, introduced Cb ThreatHunter, delivering powerful, new, advanced threat hunting and IR capabilities on the Cb Predictive Security Cloud (PSC). The new offering will be the fourth service delivered on the PSC this year. The Cb ThreatHunter announcement was made from the company’s sold-out annual user conference, #CbConnect18, in New York.
“One year ago, at Cb Connect in San Francisco, we outlined our vision to rapidly extend the Cb Predictive Security Cloud to make it easier for our customers to move off legacy AV and address multiple security use cases through a single cloud platform and single sensor,” said Patrick Morley, Carbon Black’s Chief Executive Officer. “With the addition of Cb ThreatHunter, this market-leading platform will have five offerings and delivers customers the ability to prevent, detect, respond to, predict and now, hunt threats in the cloud using a single agent, single console and single platform.”
Adding advanced threat hunting
Cb ThreatHunter is delivered through the PSC, Carbon Black’s powerful endpoint protection platform that consolidates multiple critical endpoint security capabilities supporting both IT and security operations, including: next-generation antivirus (NGAV) + endpoint detection and response (EDR); advanced threat hunting and IR; virtualised data centre security; real-time endpoint query and remediation; and managed threat hunting and triage.
Most EDR and IR tools on the market collect only a limited set of historical data. As a result, SOCs and IR teams struggle to get their hands on the information they need to investigate, proactively hunt and remediate.
Cb ThreatHunter solves this problem by continuously collecting unfiltered data, giving security teams all the information they need to: proactively hunt threats, uncover suspicious behaviour, disrupt active attacks, repair damage quickly and address gaps in defences. Investigations that often take days or weeks can be completed in just minutes with Cb ThreatHunter.
Enhanced anomaly detection
“Cb ThreatHunter has simplified incident response by allowing quick discovery of both simple and advanced threats, and quickly making decisions to take conclusive actions,” said Denis Xhepa, IT Systems Security Engineer of MidCap Financial Services.
“Its simplicity and responsiveness are amazing, especially when you are running an investigation where every minute matters. When I find something, I can prevent it for the future, and also look for other related or similar things. All this can be done very intuitively. Anomaly detection is also going to be enhanced by the backend intelligence applied to the data. Endpoint security used to be difficult.”
“The combination of rapidly searchable, unfiltered endpoint data for advanced threat hunting, combined with an array of prevention and response capabilities built in to one endpoint sensor is a significant step forward. Cb ThreatHunter further enhances our ability to deliver rapid incident detection and response to our global customers,” said Marc Brawner, Principal at Kroll’s Cyber Risk practice.
Minimising attacker dwell time
Inspired by Cb Response, an EDR market pioneer with more than 2,000 active customers, Cb ThreatHunter is a brand-new product, built from the ground up on the PSC, offering security teams advanced threat hunting and IR capabilities, including:
More Powerful Search Fields: Cb ThreatHunter equips security teams with the ability to flexibly hunt threats, even if an endpoint is offline. With this level of visibility, researchers can see what happened at every stage of an attack with intuitive attack-chain visualisations, and uncover advanced threats, while minimising attacker dwell time. This insight provides immediate answers with comprehensive behavioural context to stop attacks as quickly as possible.
Custom watchlists for real-time detection
Enhanced Threat Intel Matching: Cb ThreatHunter’s sophisticated detection combines custom and cloud-delivered threat intel, automated watchlists and integrations with the rest of the security stack to efficiently scale hunting across the enterprise. This advanced level of detection allows security teams to proactively explore environments for abnormal activity, leverage cloud-delivered threat intelligence and automate repeat hunts. Additionally, the PSC’s platform extensibility allows developers to create custom watchlists to power real-time detection and correlate data across the security stack.
Elastic Cloud Scalability: Cb ThreatHunter is natively built on the PSC, allowing security teams to rapidly deploy and scale the solution across their enterprise without investing in (or maintaining) on-premise infrastructure. By eliminating these costs and processes, Cb ThreatHunter enables teams to simplify their operations and focus their energy on hunting and responding to threats.