Actu
Carbon Black Unveils Collective Defense Ecosystem
June 2016 by Emmanuelle Lamandé
Carbon Black® unveiled the Detection eXchange, a place where thousands of security experts worldwide can collaborate in real time to curate information about cyberattacks and how to stop them.
The current standard for threat intelligence focuses on Indicators of Compromise
(IOC), which are cheap, fragile and inexpensive for an adversary to change. Through
the Detection eXchange, Carbon Black customers and partners can collaborate and
share “Patterns of Attack” (POA), threat intelligence encompassing the specific
series of behaviors attackers use to compromise systems. These patterns include the
root cause of attacks (e.g., exploits or vulnerabilities) and are far more expensive
for an adversary to change than Indicators of Compromise (IOC). Patterns of Attack
curated by members of the Detection eXchange are automatically leveraged by Carbon
Black’s products to improve future detection.
The Carbon Black Detection eXchange connects security professionals from around the
world. To date, Carbon Black has organized a large and diverse customer and partner
ecosystem in the cyber security marketplace, bringing together the collective
experience of more than 10,000 security professionals including:
– 2,000 customer organizations ranging from Fortune 100 organizations to
regional retailers, and from multinational market leaders to state and local
governments
– 70+ top incident response (IR) firms and managed security service
providers (MSSP)
The Carbon Black Detection eXchange enables any customer or partner in the Carbon
Black network to share Patterns of Attacks, which identify the behaviors, techniques
and tactics of malicious actors. “Patterns of Attack” are exponentially more
revealing for defenders than “Indicators of Compromise,” which merely categorize
a single, static piece of information that is relevant for a small window of time.
Once Patterns of Attack are identified in the Detection eXchange, they can be turned
on as Watchlists within the Carbon Black Security Platform to automatically detect
when malicious behavior occurs in an enterprise environment. Watchlists continuously
apply threat intelligence against new and retrospective endpoint sensor data, to
immediately stop those sets of behaviors from running again, thus preventing future
attacks of the same kind. Watchlists from the community are automatically fed into
the Cb Security Platform to alert all customers when that Pattern of Attack is seen.
As the community continues to share, every member organization achieves a stronger
security posture.
This sharing system makes the collective knowledge of top security experts available
to every community member. This is critically valuable for organizations that
previously could not afford such deep expertise. In just its first two months, more
than 600 Carbon Black customers and partners participated in the Carbon Black
Detection eXchange.
