Security Analytics: Integrated Corvil – Carbon Black Security Solution

Unified Cyber-Threat Protection to Save Time for Security Teams

Thwart Cyber Attacks Faster with Unified Detection, Analysis, and Response

See all threat activity in real time, fully correlated across communication type, path, user, process, and file, for maximum protection against cyber-attacks. Streamline detection, investigation, and response through a combined solution that pairs the most granular network-based deep content inspection with comprehensive endpoint visibility.

SOLUTION BENEFITS

  • Detect elusive attacks
  • Faster response
  • Reduced alert fatigue
  • Streamlined investigations
  • Integrated richer analysis
  • Improved efficiency and productivity

CHALLENGES

Fragmented tooling and visibility to fight increasingly complex attacks. Cyber attacks are ever increasing in their complexity, diversity, and sheer volume. Security teams are overburdened as they try to:

  • Combat internal and external threats
  • Thwart algorithmic, machine-driven attacks
  • Protect against a non-stop flow of new devices and vulnerabilities

While security teams have a multitude of tools, their workflows often revolve around aggregating shallow data sources or jumping between fragmented systems. Security teams carry the overhead of correlating suspicious indicators across network, endpoint, and other surfaces, and of manually identifying patterns of attack and compromise. The result is too much time lost reacting to false alerts or chasing gaps in coverage and data that are discovered only during an investigation.

“The integration of network and endpoint security solutions provides for a more complete and actionable set of analytics to combat cyber attacks and to provide operational efficiencies for security teams. This is especially true when incorporating the rich visibility of network packet-based security analytics solutions.”

Solution Overview

Corvil Security Analytics and Carbon Black Cb Response have come together to provide an integrated, comprehensive protection solution with the most granular visibility to thwart cyber-attacks. Our solution accelerates detection and response times, streamlines investigations and simplifies workflows so security teams can be more productive, efficient, and effective.

End-to-End Threat Visibility
Corvil and Carbon Black record all network and endpoint threat activity, respectively, to provide continuous, complete and real-time visibility and analysis. The solution integrates external threat intelligence, tracks user activity across devices, identifies uninstrumented endpoints (hosts seen on the network but reporting no endpoint agent), correlates activity across endpoints and the network, and provides risk prioritization, enabling customers to detect the most elusive and emerging suspicious activity.

Live and Retrospective Investigation
By correlating deep content inspection of network traffic with process, file, and intra-device activity, the integration provides adaptive content enrichment: each network event gains dimensions such as the source process, privileged user activity, and even message content, reducing the time spent chasing false positives. Because storing a full record of both network and endpoint activity is sometimes prohibitive, the integration can automatically capture and store enriched traffic when high-risk host activity is detected.
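The two sections above describe a pipeline rather than a product detail: join each network flow to the endpoint event that owns it, note which internal hosts have no agent reporting for them, score the enriched record, and switch on full packet capture for hosts that cross a risk threshold. The Python below is an added worked example of that pipeline and is not Corvil or Carbon Black code; the record layouts, the 10.0.0.0/8 "internal" range, the privileged-account list, the scoring weights and the sample telemetry are all constructed for illustration. It also shows the edge case the join has to handle: ephemeral ports are reused, so an endpoint event is only accepted within a time tolerance of the flow.

```python
# Added example, not Corvil or Carbon Black code: record layouts, scoring weights
# and the sample telemetry at the bottom are constructed for illustration.
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")                         # assumed corporate range
WEAK_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
PRIVILEGED_USERS = {"NT AUTHORITY\\SYSTEM", "CORP\\svc_admin"}    # assumed
MATCH_TOLERANCE_S = 2.0     # sensor and agent clocks never agree exactly

# Records from the two sources: sensor flows (tls_version from content inspection)
# and agent network-connection events naming the owning process and user.
Flow = namedtuple("Flow", "ts src_ip src_port dst_ip dst_port tls_version", defaults=(None,))
NetConn = namedtuple("NetConn", "ts host local_ip local_port remote_ip remote_port process user")

@dataclass
class Enriched:             # a flow after correlation: owning process, agent coverage, risk
    flow: Flow
    conn: Optional[NetConn]
    instrumented: bool
    score: int = 0
    reasons: list = field(default_factory=list)

def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()
def flag(e, points, why):
    e.score += points
    e.reasons.append(why)

def index_conns(conns):
    """Bucket endpoint events by 4-tuple so each flow only sees plausible matches."""
    idx = {}
    for c in conns:
        idx.setdefault((c.local_ip, c.local_port, c.remote_ip, c.remote_port), []).append(c)
    return idx

def match_conn(flow, idx):
    """Same 4-tuple, closest in time, within tolerance. Ephemeral ports get reused,
    so a stale event with the same 4-tuple must not be pinned on a later flow."""
    cands = idx.get((flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port), [])
    near = [c for c in cands if abs(c.ts - flow.ts) <= MATCH_TOLERANCE_S]
    return min(near, key=lambda c: abs(c.ts - flow.ts)) if near else None

def score(e):
    """Additive rule-based risk; the weights are illustrative, not a vendor's."""
    f, c = e.flow, e.conn
    external = ip_address(f.dst_ip) not in INTERNAL
    if c is None and not e.instrumented:
        flag(e, 40, "coverage gap: source host has no endpoint agent")
    elif c is None:
        flag(e, 25, "agent reported no matching connection")
    else:
        if image_name(c.process) in SCRIPT_HOSTS and external:
            flag(e, 50, f"{image_name(c.process)} talking to an external host")
        if c.user in PRIVILEGED_USERS and external:
            flag(e, 20, f"privileged account {c.user}")
    if external and f.dst_port not in (80, 443):
        flag(e, 20, f"non-standard external port {f.dst_port}")
    if f.tls_version in WEAK_TLS:
        flag(e, 30, f"weak encryption {f.tls_version}")

def correlate(flows, conns, instrumented_ips):
    idx = index_conns(conns)
    out = [Enriched(f, match_conn(f, idx), f.src_ip in instrumented_ips) for f in flows]
    for e in out:
        score(e)
    return out

def uninstrumented_hosts(enriched):
    """Internal sources seen on the wire that no agent reports for."""
    return sorted({e.flow.src_ip for e in enriched
                   if not e.instrumented and ip_address(e.flow.src_ip) in INTERNAL})

def capture_triggers(enriched, threshold=50):
    """Hosts whose risk should switch the sensor to full, retained packet capture."""
    return sorted({e.flow.src_ip for e in enriched if e.score >= threshold})

# Constructed sample telemetry; external hosts use RFC 5737 documentation addresses.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
FLOWS = [Flow(1000.0, "10.0.1.10", 49152, "203.0.113.5", 8443, "TLSv1.2"),
         Flow(1005.0, "10.0.1.11", 49200, "203.0.113.9", 443, "TLSv1.0"),
         Flow(1010.0, "10.0.1.12", 51000, "198.51.100.7", 80),
         Flow(1020.0, "10.0.1.11", 49300, "203.0.113.9", 443, "TLSv1.2")]
CONNS = [NetConn(1000.4, "WS-0010", "10.0.1.10", 49152, "203.0.113.5", 8443, PS, "CORP\\svc_admin"),
         NetConn(1005.1, "WS-0011", "10.0.1.11", 49200, "203.0.113.9", 443, CHROME, "CORP\\alice"),
         NetConn(1020.2, "WS-0011", "10.0.1.11", 49300, "203.0.113.9", 443, CHROME, "CORP\\alice")]
INSTRUMENTED = {"10.0.1.10", "10.0.1.11"}   # 10.0.1.12 has no agent installed

def run_demo():
    return correlate(FLOWS, CONNS, INSTRUMENTED)

if __name__ == "__main__":
    results = run_demo()
    for e in results:
        print(f"{e.flow.src_ip} -> {e.flow.dst_ip}:{e.flow.dst_port}  risk={e.score}  {e.reasons}")
    print("uninstrumented:", uninstrumented_hosts(results), "capture:", capture_triggers(results))
```

Run directly, the script prints one risk line per flow: the PowerShell connection from the privileged service account to an external host on port 8443 scores highest and is the only host that would trip the capture trigger, the TLS 1.0 session is flagged as weak encryption, and 10.0.1.12 surfaces as a coverage gap because the sensor saw it but no agent did. In a deployment the flow and event records would come from the sensor and the endpoint platform, and the capture trigger would call back into the sensor; both are stand-ins here.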

Threat Hunting
With complete, granular, correlated visibility, security teams can proactively hunt for attacks. Visibility into tunneling activity, command and control, process-based activity, weak encryption, and PowerShell scripts being accessed and run, combined with detailed knowledge of their own environments, gives teams heavy artillery to seek out and put an end to attacks.

Response
Based on patterns of attack, the solution provides automated, triggered quarantining of compromised hosts. By isolating the host, investigating it remotely, and watching its traffic flows when it is reactivated, security teams can remediate rather than rebuild compromised systems.

Ecosystem Enablement
Correlated threat details can be live-streamed or selectively integrated with a variety of SIEM and big data platforms to strengthen a company's existing and planned security apparatus. Security teams can feed the richest, most complete source of end-to-end threat activity into orchestration and big data platforms for additional behavioral analysis.

Features

  • Packet to process visibility and seamless workflows
  • Self-creation of threat intelligence
  • Open integration with threat intelligence sources
  • Recursive context enrichment across network and endpoint
  • User, host, process, and domain-centric views
  • Identification of coverage gaps (uninstrumented hosts)
  • Automated quarantine response
  • Adaptive, automated packet capture
  • Passive, zero overhead network visibility combined with low overhead endpoint agents

Use Cases

  • Malware
  • Ransomware
  • Tunneling
  • Cross-process events
  • Weak encryption
  • Expired certificates
  • Lateral user movement
  • File and registry modifications
  • Privileged account activity tracking
  • PowerShell scripts accessed and run
  • Command and control communications

201 days to identify a data breach, on average
26% lower costs, on average, when breaches are identified under 100 days

Ponemon Institute, 2016 Cost of Data Breach Study: Global Analysis



Carbon Black has designed the most complete next-gen endpoint security platform, enabling organizations to stop the most attacks, see every threat, close security gaps, and evolve their defenses. The Cb Endpoint Security Platform helps organizations of all sizes replace legacy antivirus technology, lock down systems, and arm incident response teams with advanced tools to proactively hunt down threats.

Corvil safeguards business in a machine world. Corvil Security Analytics is the most granular real-time network threat detection and forensics platform available. Corvil identifies malicious activity as it is happening and provides organizations with unequaled visibility and context to detect threats faster, to respond faster, and to streamline forensic investigations. Every packet, every microsecond - live and retrospective. Widely used by the largest banks and exchanges globally, Corvil’s real-time analytics enables market participants and venues to gain transparency into their digital business services, allows them to optimize the performance and customer experience of those services, detects cyber-threats and provides high-fidelity transaction information for business intelligence use.

The partnership combines two leading solutions trusted by the world's most demanding organizations. The integration unifies Corvil's most granular network-based deep content inspection with Carbon Black's comprehensive endpoint visibility for faster, more effective threat detection, analysis and response.