Bit9 + Carbon Black Announces Carbon Black 5.0, First Endpoint Threat Detection and Response Solution to Deliver Continuous Recording and Live Response

Enables incident responders to dramatically reduce malware dwell time with instant intervention and remediation of advanced, targeted attacks

WALTHAM, Mass.—Jan. 27, 2015—Bit9® + Carbon Black®, the leader in endpoint threat prevention, detection and response, today announced the immediate availability of Carbon Black version 5.0, the industry’s first and only endpoint threat detection and response solution that combines continuous endpoint recording and live incident response capabilities. With Carbon Black 5.0, organizations can now prepare for a breach—by continuously recording endpoint activities—and rapidly respond to an incident by instantly isolating endpoint threats, terminating attacks, and remediating endpoints, all via a remote connection to any endpoint in the enterprise. These new capabilities rapidly reduce the time to detect, terminate and remediate cyber attacks.

Carbon Black version 5.0 delivers four significant innovations:

1 – Live Response: With the addition of Carbon Black Live Response, security operations center (SOC) analysts and incident responders can more quickly determine the root cause of an attack, stop the spread of an attack, terminate an attack, remediate affected machines and incorporate third-party incident response tools—all from a single console.

  • One-click endpoint Isolation enables responders to instantly disrupt active intrusions by quarantining and isolating one or multiple endpoints from the network while still maintaining an active connection of the system under investigation to the Carbon Black server. By containing endpoint threats at the moment of discovery, responders can limit damage and potential data loss. This also enables security operations personnel or IR teams to perform more conclusive and surgical investigations on isolated endpoints while eliminating the ability of malware to spread or data to be exfiltrated.
  • Investigate any endpoint to understand its current state, via a remote capability that allows for identifying all currently running processes, understanding the file inventory, current network activity and registry settings, and retrieving files from—and delivering files and tools to—a remote host.
  • Intervene during ongoing attacks, by killing any running process.
  • Make modifications on the endpoint to remediate attacks, such as removing malware, cleaning registry settings, removing files, and validating the success of that remediation.

2 – KPI Dashboards for Instant Endpoint Insight: With Carbon Black’s new dashboards, security teams gain instant insight into key endpoint and incident response performance indicators across their entire environment. This enables organizations to understand and articulate the state of their endpoint detection and response capabilities. As one of the first security solutions to measure and chart dwell time, Carbon Black enables enterprises to improve their response processes and procedures over time to optimize the productivity of their security teams.

3 – Enriched Threat Intelligence, Detection and Alerting: Carbon Black improves the detection capabilities of organizations by leveraging the latest enhancements to the Bit9 + Carbon Black Threat Intelligence Cloud, which include a variety of new threat feeds developed and published by the Bit9 + Carbon Black Threat Research Team. These new threat feeds enable security teams to monitor and examine many system facets and behaviors. Examples include detecting files executing from the recycle bin, suspicious process names or extensions, backdoor installations, ransomware, host file modifications, suspicious attack processes, and more.

4 – Alert Prioritization and Tracking: Many enterprises suffer from alert fatigue or struggle to understand exactly what to look for within their environment. Carbon Black 5.0 now enables security teams to turn noisy detection into optimized threat discovery. Users can rate and adjust alerts by severity, and mark and track alert resolution all from a single console. Responders can manage their detection events with greater efficiency and accuracy to accelerate threat discovery and improve the overall speed of investigations.

More than 20 top IR firms and MSSPs—including Dell SecureWorks, Kroll, Stroz Friedberg, General Dynamics Fidelis and others—trust Carbon Black as a core component of their detection and incident response services.

Bit9 + Carbon Black Executive Quote: Brian Hazzard, vice president of product management
“Carbon Black 5.0 is a game changer. Currently, responders spend hours, days, weeks or even longer just collecting the data necessary to fully enable their response. Unlike any other product on the market, Carbon Black enables the largest enterprises to effectively prepare for potential compromise and breach. We do this through our industry-leading continuous recorder that proactively collects data at the endpoint. Carbon Black 5.0 combines the power of that endpoint visibility with new Live Response capabilities to deliver the most complete and comprehensive IR solution on the market. Now responders, through one solution and console, can understand the entire attack kill chain, customize their detection, hunt for threats, isolate impacted endpoints, terminate attacks and remediate threats at the moment of compromise. No other single solution can deliver the complete value of both a continuous recorder and Live Response capabilities to enterprises, IR companies and MSSPs.”

Analyst Quote: Charles Kolodgy, research vice president – Secure Products for IDC
“The endpoint security market is crowded with vendors that offer detection and analysis or containment and eradication capabilities. What is missing is a solution that offers a combination of continuous recording of the endpoint state, malicious activity discovery, attack termination by killing processes, and immediate remediation. Carbon Black 5.0 is offering this combination of features.”

Analyst Quote: David Monahan, research director, Security and Risk Management for Enterprise Management Associates
“As part of the security cycle of Prevention, Detection and Response, Live Response capabilities, like one-button host isolation, are key to enabling organizations to stay ahead of fast-moving targeted threats. Carbon Black 5.0 delivers continuous recording and Live Response capabilities that set it apart from the competition. Breach may be inevitable, but the ability to leverage contextual intelligence to quickly identify threats reduces dwell time and stops exfiltration, saving organizations—and consumers—from the painful consequences of data loss.”

About Bit9 + Carbon Black
Bit9 + Carbon Black provides the most complete solution against advanced threats that target organizations’ endpoints and servers, making it easier to see—and immediately stop—those threats. The company enables organizations to arm their endpoints by combining continuous, real-time visibility into what’s happening on every computer; real-time signature-less threat detection; incident response that combines a recorded history with live remediation; and prevention that is proactive and customizable.

More than 1,000 organizations worldwide—from Fortune 100 companies to small enterprises—use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their detection and response services.

Bit9 and Carbon Black are registered trademarks of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.