The current standard for threat intelligence focuses on Indicators of Compromise (IOC), which are fragile and inexpensive for an adversary to change. Through the Detection eXchange, Carbon Black customers and partners can collaborate and share “Patterns of Attack” (POA), threat intelligence encompassing the specific series of behaviors attackers use to compromise systems. These patterns include the root cause of attacks (e.g., exploits or vulnerabilities) and are far more expensive for an adversary to change than Indicators of Compromise. Patterns of Attack curated by members of the Detection eXchange are automatically leveraged by Carbon Black’s products to improve future detection.
The Carbon Black Detection eXchange connects security professionals from around the world. To date, Carbon Black has organized a large and diverse customer and partner ecosystem in the cyber security marketplace, bringing together the collective experience of more than 10,000 security professionals including:
- 2,000 customer organizations ranging from Fortune 100 organizations to regional retailers, and from multinational market leaders to state and local governments
- 70+ top incident response (IR) firms and managed security service providers (MSSP)
Carbon Black Detection eXchange & Patterns of Attack
The Carbon Black Detection eXchange enables any customer or partner in the Carbon Black network to share Patterns of Attack, which identify the behaviors, techniques and tactics of malicious actors. “Patterns of Attack” are exponentially more revealing for defenders than “Indicators of Compromise,” which merely categorize a single, static piece of information that is relevant for a small window of time.
Once Patterns of Attack are identified in the Detection eXchange, they can be turned on as Watchlists within the Carbon Black Security Platform to automatically detect when malicious behavior occurs in an enterprise environment. Watchlists continuously apply threat intelligence against new and retrospective endpoint sensor data, to immediately stop those sets of behaviors from running again, thus preventing future attacks of the same kind. Watchlists from the community are automatically fed into the Cb Security Platform to alert all customers when that Pattern of Attack is seen. As the community continues to share, every member organization achieves a stronger security posture.
This sharing system makes the collective knowledge of top security experts available to every community member. This is critically valuable for organizations that previously could not afford such deep expertise. In just its first two months, more than 600 Carbon Black customers and partners participated in the Carbon Black Detection eXchange.
“The Carbon Black Detection eXchange has already proven extremely valuable to our enterprise incident response teams,” said Tim Ryan, managing director and practice leader, cyber security and investigations practice for Kroll, a global leader in risk mitigation, compliance, security, and incident response solutions, and a Carbon Black partner. “Through participation in the Detection eXchange, we regularly augment our expertise with timely and relevant cyber threat information.”
Carbon Black Chief Technology Officer Michael Viscuso said: “Simply put, the more attackers attack, the stronger we become as a community via the Detection eXchange. No organization should have to battle adversaries alone. In uniting the cyber-security community, we are empowering businesses to benefit from threat intelligence previously reserved for only those teams with mature security programs.”
Openly Published APIs & Carbon Black Developer Network
As a further commitment to empowering the security community via Collective Defense, Carbon Black has publicly published its APIs and open-sourced all of its third-party integrations. To date, 44 independent security companies have signed on to be Carbon Black Technology Alliance partners.
“Historically, vendors have only worked together when it’s advantageous to a company’s bottom line,” Viscuso said. “That self-serving approach no longer works. Customers should not be locked into a single security platform that doesn’t allow for integration with best-of-breed security at every layer of the stack. We welcome anyone in the security industry to access our APIs.”
As an additional commitment to uniting the security community, Carbon Black’s Developer Relations team has created the Carbon Black Developer Network to provide the security community the technical documentation required to build best-in-class defenses against today’s advanced threats.
About Carbon Black
Carbon Black is the leading provider of next-generation endpoint security solutions that enable organizations to disrupt advanced attacks and deploy what they believe are the best prevention strategies for their business. The company leverages the expertise of 10,000 security experts—from IR firms, MSSPs, security-focused VARs, and enterprise customers—to form a Collective Defense that shifts the balance of power from attackers back to security teams by breaking down barriers and enabling security professionals to collectively analyze attacks, determine root cause, and share threat intelligence. Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, and unravel entire attacks. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite™.