Carbon Black Debuts Threat Hunting On Endpoint Protection Platform

Carbon Black has unveiled Cb ThreatHunter to deliver new threat hunting and incident response capabilities to Security Operations Centers and incident response teams.

The Waltham, Mass.-based endpoint security vendor said Cb ThreatHunter continuously collects unfiltered data, making it easier for security teams to proactively hunt threats, uncover suspicious and stealthy behavior, disrupt active attacks, repair damage quickly, and address gaps in defenses.

Investigations that often took days or weeks can now be completed in just minutes with Cb ThreatHunter, according to Carbon Black. The news was unveiled Wednesday at the Cb Connect user conference in New York.

As an organization, Carbon Black has always believed that customers should have visibility into as much data as possible to see and stop all possible attacks, according to Ryan Polk, senior vice president and chief product officer. Combining Cb ThreatHunter with the company's multitenant predictive Software-as-a-Service platform should drive better capabilities for customers across the market, Polk said.

Cb ThreatHunter will provide organizations with an unfiltered data set on top of their prevention and detection capabilities, Polk said. Combining Carbon Black's new offering with the Cb LiveOps real-time query and response tool will provide customers with new and redefined capabilities around static hunting, according to Polk.

Carbon Black said most existing endpoint detection and response (EDR) and incident response tools collect only a limited set of historical data. As a result, Carbon Black said SOCs and incident response teams struggle to get their hands on the information they need to investigate, proactively hunt, and remediate attacks.

The unfiltered data set is unique to Carbon Black, Polk said, and it took the company multiple years to build that capability. Layering in advanced threat hunting built on unfiltered data will differentiate Carbon Black from the competition, Polk said.

Polk said Carbon Black is able to find new, bad things as they're happening and respond to the attacks in real time. This makes it possible for customers to achieve a better understanding of their environment and be able to do more and different things with their data, according to Polk.

Cb ThreatHunter was inspired by Cb Response, Carbon Black's EDR offering that today has more than 2,000 active customers, according to the company. Cb ThreatHunter makes it possible for security teams to hunt threats even if an endpoint is offline, Carbon Black said.

"This is the next evolution of that product," Polk told CRN.

With this level of visibility, researchers using Cb ThreatHunter can see what happened at every stage of an attack with intuitive attack-chain visualizations, along with uncovering advanced threats and minimizing attacker dwell time. Using behavioral context to gain additional insight helps stop attacks as quickly as possible, according to Carbon Black.

The new tool's detection engine, meanwhile, combines customer and cloud-delivered threat intelligence with automated watchlists and other security integration to help scale hunting, Carbon Black said. The advanced detection features allow security teams to proactively explore environments for abnormal activity, leverage cloud-delivered threat intelligence, and automate repeat hunts.

Cb ThreatHunter will initially be offered as a stand-alone product available on a subscription basis, Polk said, with specific pricing information not being disclosed. Partners supporting Cb ThreatHunter will be able to sell the product and have it in their customers' hands in a matter of minutes, according to Polk.

Solution providers looking to build their own practice can add more functionality around Cb ThreatHunter by selling complementary products and services alongside the tool, Polk said.

The extensibility of the Cb Predictive Security Cloud (PSC) endpoint protection platform also makes it possible for developers to create custom watchlists that power real-time detection and correlate data across the security stack, according to Carbon Black.

Security teams using Cb ThreatHunter can rapidly deploy and scale the offering across their enterprise without investing in on-premises infrastructure, since the tool is natively built on Carbon Black's PSC. By eliminating excess costs and processes, the company said Cb ThreatHunter enables organizations to simplify their operations and focus their energy on hunting and responding to threats.