
Carbon Black’s Breakthrough ‘Streaming Prevention’ Leapfrogs Cylance, McAfee and Symantec by Stopping Both Malware and Non-Malware Attacks

CB Defense ‘Streaming Prevention’ stops more attacks than traditional and machine-learning antivirus (AV), which only stop commodity malware

WALTHAM, Mass.— February 6, 2017 – Carbon Black, a leader in next-generation endpoint security, today unveiled “Streaming Prevention,” a cybersecurity technology that redefines the Next-Generation Antivirus (NGAV) market by combining a breakthrough prevention model with market-leading detection and response to stop both malware and non-malware attacks.

“Streaming Prevention” is the core technology powering CB Defense, Carbon Black’s NGAV solution, which can prevent, detect and respond to the most advanced cyber attacks, including non-malware attacks.

Non-malware attacks gain control of computers without downloading malicious software. Instead, they use trusted, native operating system tools, such as PowerShell, and exploit running applications, such as browsers, to “live off the land.” These attacks pose a bigger risk than malware attacks because they are harder to detect and cause more damage. Virtually every organization was targeted by such an attack in 2016, according to Carbon Black research.

In protecting against non-malware attacks, “Streaming Prevention” is a fundamentally different approach to endpoint prevention than taken by Cylance, McAfee, Symantec and other antivirus (AV) vendors.

Streaming Prevention

Carbon Black’s “Streaming Prevention” technology can prevent both malware and non-malware attacks by leveraging event stream processing, the same technology that revolutionized algorithmic day-trading. Similar to algorithmic day-trading applications, “Streaming Prevention” continuously updates a risk profile based on a steady stream of computer activity. When multiple, potentially malicious events occur in succession, “Streaming Prevention” blocks the attack.

This breakthrough in prevention leapfrogs machine-learning AV, which focuses exclusively on files and does nothing to target an attacker’s behaviors. These behaviors often include leveraging trusted applications to “live off the land” to remain undetected.

Legacy AV solutions and static, machine-learning approaches focus on detecting malware at the point-in-time it is written or executed. In contrast, “Streaming Prevention” empowers security teams to see and stop a cyber attack at any point during the attack cycle, well before a system can be compromised.

CB Defense customer, Fuli Chavez, Sr. Security Operations Analyst at DA Davidson: “‘Streaming Prevention’ is a game-changing technology. By combining NGAV with market-leading detection and response technologies into a single agent, CB Defense protects our organization from the most advanced cyber attacks, including non-malware attacks. The solution can be deployed within minutes from the cloud or management systems and is virtually invisible to our end-users.”

“Carbon Black is continuously innovating to stay at the forefront of cybersecurity, and we have a long history of helping organizations all over the globe protect their endpoints,” said Patrick Morley, Carbon Black’s president and chief executive officer. “‘Streaming Prevention’ marks a significant breakthrough in the NGAV market. With CB Defense, our customers can confidently replace legacy antivirus and achieve a level of endpoint protection that redefines what it means to be ‘safe.’”

CB Defense’s Market-Leading Detection and Response

As founder of the endpoint detection and response (EDR) market, Carbon Black brings world-class detection and response capabilities to CB Defense. CB Defense combines prevention, detection and response into a single offering, giving security teams complete visibility over their enterprises. CB Defense captures all endpoint activity to feed automated threat-hunting algorithms and detect threats using intelligence from the Carbon Black Collective Defense Cloud.

With CB Defense, security teams can visualize an attack’s full “kill chain” to understand what’s happening every step of the way, making response and remediation faster than ever before.

CB Defense’s market-leading detection and response offer:

Attack Stream Visualization – Investigate an attacker’s origins, motivations and tactics with intuitive visual mapping.

Root-Cause Analysis – Uncover the root cause of an attack in minutes and close security gaps instantly.

Automated Threat Hunting – Conduct automatic threat hunting across an enterprise by combining captured endpoint activity with aggregated threat intelligence from the Carbon Black Collective Defense Cloud.

One Agent, One Console, Cloud Delivered

CB Defense’s breakthrough prevention technology, “Streaming Prevention,” combines with market-leading detection and response in a single agent and is viewed in a single console. CB Defense is delivered via the cloud, so there are no hardware or storage costs. The solution deploys in 15 minutes.

Lightweight and Easy

CB Defense has virtually no impact on systems and users, occupying less than one percent of CPU and less than one percent of disk.

CB Defense’s new, powerful UI gives teams complete control over their security, immediate access to what needs attention, and a view into what attacks were recently stopped. Simple dashboards highlight the most pertinent issues.

For more information, visit

About Carbon Black

Carbon Black is a leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, CB Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. CB Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.