News Releases3 min read

Facebook Welcomes Bit9 + Carbon Black into ThreatExchange Community

Carbon Black customers will have access to Facebook’s threat-sharing community

WALTHAM, Mass.—Oct. 29, 2015—Bit9® + Carbon Black® the leader in Next-Generation Endpoint Security (NGES), today announced it has joined Facebook’s ThreatExchange, a community of leading organizations dedicated to sharing threat data using a structured, easy-to-use API. Bit9 + Carbon Black is the first organization to integrate ThreatExchange data into a product and user interface.

In joining Facebook’s ThreatExchange, Bit9 + Carbon Black is part of a community comprising more than 100 top companies, including Facebook, Dropbox, Pinterest, PayPal and Microsoft.

Starting today, Carbon Black customers may choose to enable receipt of threat intelligence from the Facebook ThreatExchange and, optionally, integrate that intelligence into their alerting infrastructures. When combined with Carbon Black’s continuous endpoint recording and real-time threat intelligence, Facebook’s ThreatExchange data further empowers security teams to correlate data to improve detection capabilities and dramatically reduce incident response times.

Mark Hammell, manager of the Threat Infrastructure team at Facebook, summarized the benefits of the integration with Carbon Black in a Facebook post today. The full post is below.

“We are stronger together,” said Ben Johnson, Bit9 + Carbon Black’s chief security strategist. “The Facebook ThreatExchange continues the industry movement toward unified defense. Through sharing intelligence and other cyber-defense knowledge, especially through automated means, our community as a whole is much stronger and better able to protect vital information.”

Industry-first Access
All customers using Carbon Black, the industry’s leading endpoint detection and response solution, now have access to the “Traffic Light Protocol White” (TLP White) data in the ThreatExchange. This information is provided to Carbon Black customers via the Bit9 + Carbon Black Threat Intelligence Cloud. TLP White threat indicators include domain names, IPs and hashes.

Additional Access via Connector
Carbon Black customers already active in the Facebook ThreatExchange may install a “connector” to access additional ThreatExchange data using their own member credentials. This connector enables members of the Facebook Threat Exchange to import threat indicators from the ThreatExchange, including domain names, IPs, hashes, and behavioral indicators, into Carbon Black. The Facebook ThreatExchange and its members provide and maintain this data. This connector requires an access token to the Facebook ThreatExchange API. Facebook ThreatExchange members may click here to download the Carbon Black connector for Facebook ThreatExchange.

Carbon Black customers interested in gaining access to this additional threat intelligence are encouraged to apply for the Facebook ThreatExchange beta program. For more information on how to apply, click here.

Full Text of Facebook Post by Mark Hammell:

Scaling ThreatExchange with Product Integration

ThreatExchange has grown quickly since we opened up the application process in August. We now have over 130 companies on the platform and more than 2.5 million daily API calls.

From the start, scale has been an ongoing objective for ThreatExchange to maximize the value of the information shared by the community. As an API-based platform, ThreatExchange was intentionally built to support a wide distribution of available threat intelligence and easily fit within existing workflows. Product integration will continue to play an important role in making it easier for more people to share and use threat intelligence.

Integration with Carbon Black

Today, we’re excited to share that not only is Bit9 + Carbon Black already contributing valuable threat intelligence to ThreatExchange, but Carbon Black customers can now choose to receive data from ThreatExchange through the Carbon Black interface. They also have the option to integrate ThreatExchange data into their existing alerting infrastructures.

This means you can leverage the indicators of compromise (IOC) from ThreatExchange against the rich endpoint data available from Carbon Black. It’s a powerful combination of IOCs from ThreatExchange with free and easy malware hunting!

About Bit9 + Carbon Black
Bit9 + Carbon Black is the market leader in Next-Generation Endpoint Security. We have sold more licenses, have more experience, and more customers than any other NGES company because our solution is the most effective way to prevent, detect and respond to advanced threats that target users, servers, and fixed-function devices. That’s why more than 60 MSSP and IR leaders, including Dell SecureWorks, EY, Optiv and Solutionary, have chosen our technology as a key component of their security offerings, and 25 of the Fortune 100 rely on us as a critical element of their advanced threat defense and compliance strategies. By the end of 2015, we expect to achieve 70 percent growth, 7 million+ software licenses sold, and almost 2,000 customers worldwide. We were voted Best Endpoint Protection by security professionals in the SANS Institute’s Best of 2014 Awards, and a 2015 SANS survey found that 68 percent of IR professionals are using or evaluating Carbon Black.

Bit9 and Carbon Black are registered trademarks of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.