
Carbon Black’s CB Response 6.1 Scales to the Largest of Enterprises, Empowers SOCs and IR Teams to Gain Complete Endpoint Visibility and Conclusive Root Cause Within Minutes

Carbon Black’s EDR solution empowers faster, more efficient threat hunting with a complete capture of all important endpoint activity

Carbon Black, a leader in next-generation endpoint security, today announced the release of CB Response 6.1, a new version of its market-leading endpoint detection and response (EDR) solution, which provides security operations centers (SOCs) and incident response (IR) teams the ability to proactively hunt threats and respond to attacks faster, while scaling to the largest of enterprises.

As a founding solution of the EDR market, CB Response captures all important endpoint data to provide comprehensive visibility across the enterprise and close security gaps. Competing solutions only capture partial data and offer minimal visibility into current and past activities. This incomplete picture results in delayed or failed attempts to find root cause and creates major security gaps.

With CB Response, SOCs and IR teams have complete visibility into unfiltered endpoint data and can conduct proactive, expert threat hunting to dramatically speed investigations and root-cause analysis. With CB Response, total incident response time drops from 78 hours to less than 15 minutes per incident and root-cause identification shifts from 20 hours to less than 10 minutes, according to incident response professionals who regularly use CB Response.

“CB Response continues to change the game for SOCs and IR teams,” said Michael Viscuso, Carbon Black’s chief technology officer and co-founder. “Investigations require quick and conclusive answers. Rather than polling every endpoint to gain access to time-critical information, CB Response provides security teams with real-time access to a complete picture of both current and historical endpoint activity, empowering them to wrap up investigations within minutes instead of days. Reducing dwell time stops attackers before a breach can take place. Additionally, CB Response’s open and extensible platform allows for seamless integrations to strengthen the full security stack.”

Enhancements to CB Response 6.1 include:

Unlimited Scale

CB Response scales to the largest of enterprises, supporting hundreds of thousands of endpoints with an updated system architecture marking a 3x increase in endpoints per server/cluster and unlimited archival capabilities. Additionally, “Unified View” provides visibility across clusters, enabling SOC and IR teams to protect against attacks across an unlimited number of endpoints.

Increased Speed

  • Quick and agile search features via the Process-Timeline View enable investigators to zoom in on specific timeframes via click-and-drag functions to proactively hunt threats and then shut them down using Live Response.
  • Faster connections to CB Live Response and Endpoint Isolation lead to earlier root-cause discovery and threat containment as security teams focus on the information most relevant to the organization.
  • Simplified and powerful visual querying allows for faster search, helping investigators quickly construct a complete picture of the attack.
  • Enhanced curation capabilities for watchlists help teams quickly flag the most sophisticated attacks.

Unlimited Data Retention

A multi-tiered data-storage model provides access to archived data and complete visibility into any attack, regardless of when it started. With CB Response, security teams can capture and store all endpoint activity across the enterprise for as far back as they need.

About CB Response

CB Response is a market-leading IR and threat hunting solution, empowering SOCs, MSSPs and IR teams to get the answers they need. CB Response continuously records and captures all endpoint activity so security teams can hunt threats in real time, visualize the complete attack kill chain, and then respond and remediate attacks quickly. The result is zero-gap endpoint visibility. Investigations are accelerated because the information needed is always available with conclusive answers to investigation questions. With CB Response, alert validation and triage are streamlined because the details of what caused an alert are at responders’ fingertips.

CB Response offers immediate ROI for customers, including:

  • Infrastructure built for speed and real-time response
  • A solution that’s proven at scale to fit in any enterprise
  • Complete visibility that the SOC and IR teams need to see the most advanced threats
  • A solution that empowers proactive threat hunting
  • An open and extensible platform for seamless integrations