Actu
Carbon Black Unveils Collective Defense Ecosystem, Enabling Thousands of Security Professionals to Collaborate and Defend Against Cyber Criminals
June 2016 by Marc Jacob
Carbon Black®, the provider of Next-Generation Endpoint Security (NGES) solutions, unveiled the Detection eXchange, a place where thousands of security experts worldwide can collaborate in real time to curate information about cyberattacks and how to stop them.
The current standard for threat intelligence focuses on Indicators of Compromise (IOC), which are cheap, fragile and inexpensive for an adversary to change. Through the Detection eXchange, Carbon Black customers and partners can collaborate and share “Patterns of Attack” (POA), threat intelligence encompassing the specific series of behaviors attackers use to compromise systems. These patterns include the root cause of attacks (e.g., exploits or vulnerabilities) and are far more expensive for an adversary to change than Indicators of Compromise (IOC). Patterns of Attack curated by members of the Detection eXchange are automatically leveraged by Carbon Black’s products to improve future detection.
The Carbon Black Detection eXchange connects security professionals from around the world. To date, Carbon Black has organized a large and diverse customer and partner ecosystem in the cyber security marketplace, bringing together the collective experience of more than 10,000 security professionals including:
• 2,000 customer organizations ranging from Fortune 100 organizations to regional retailers, and from multinational market leaders to state and local governments
• 70+ top incident response (IR) firms and managed security service providers (MSSP)
Carbon Black Detection eXchange & Patterns of Attack
The Carbon Black Detection eXchange enables any customer or partner in the Carbon Black network to share Patterns of Attacks, which identify the behaviors, techniques and tactics of malicious actors. “Patterns of Attack” are exponentially more revealing for defenders than “Indicators of Compromise,” which merely categorize a single, static piece of information that is relevant for a small window of time.
Once Patterns of Attack are identified in the Detection eXchange, they can be turned on as Watchlists within the Carbon Black Security Platform to automatically detect when malicious behavior occurs in an enterprise environment. Watchlists continuously apply threat intelligence against new and retrospective endpoint sensor data, to immediately stop those sets of behaviors from running again, thus preventing future attacks of the same kind. Watchlists from the community are automatically fed into the Cb Security Platform to alert all customers when that Pattern of Attack is seen. As the community continues to share, every member organization achieves a stronger security posture.
This sharing system makes the collective knowledge of top security experts available to every community member. This is critically valuable for organizations that previously could not afford such deep expertise. In just its first two months, more than 600 Carbon Black customers and partners participated in the Carbon Black Detection eXchange.
