Carbon Black Announces Cb LiveOps, a New Offering on the Cb Predictive Security Cloud (PSC), Deliver

Today is another exciting day for Carbon Black! Earlier, we announced the release of Cb LiveOps™, the newest offering built on our Cb Predictive Security Cloud™ (PSC), a platform delivering complete endpoint prevention, detection, and response, all from a single agent.

Cb LiveOps extends core functionality of osquery to empower organizations to ask questions of all endpoints, take action to remediate identified issues in real time, and simplify operational reporting. Going beyond the visibility provided by continuously recording endpoint detection & response (EDR), this solution gives users the ability to directly ask questions and get precise details about the current state of all endpoints across their environment in real time. Based on those results, teams can then remote shell into any problematic devices to perform in-depth investigation or remediation right from our cloud-based console.

In launching Cb LiveOps on the PSC alongside Cb Defense, we are combining the EDR functionality that most security teams rely on with the ability to understand and respond to the current state of all endpoints at scale, bridging the gap between security analysis and real-time IT operations. This gives customers a consolidated and comprehensive, cloud-delivered security stack – one that bridges security and IT operations. As a result, organizations can move away from existing offerings in the market, such as those offered by Tanium and CrowdStrike, to a solution that delivers a full suite of functionality serving both security and IT teams.

With Cb LiveOps, security teams can perform in-depth investigations, conduct remote remediation from the cloud, and perform on-demand vulnerability assessments, all within a single solution.

Bridging the Gap Between Security & IT Operations

According to ESG research, 72% of organizations believe that security operations were more difficult in 2017 than two years prior. Organizations are spending billions on security systems, yet hackers are still able to penetrate networks, infiltrate systems, and hold sensitive data for ransom.  

And, according to the Verizon Data Breach Investigations Report, 87% of security compromises take minutes or less, yet more than two-thirds of these incidents remained undiscovered for months or more. And even when detected, many security teams don’t have the resources or staff to quickly remediate the problem. Often, teams simply re-image the devices, a process which drains time and money from the organization. These problems stem from a gap between the tools and priorities used by security teams for security analysis and those used by IT operations teams to understand current state and maintain up-to-date IT hygiene.

How Does Cb LiveOps Address The SecOps Problem?

In order to get security & IT operations teams and processes running smoothly, organizations need to have a shared single source of truth. If teams are looking at different information, in different consoles, gathered at different times, it can be difficult to be aligned and agree on what needs to be done. It’s important to have visibility into historical activity as well as information about the current state of your endpoints. This helps to eliminate blind spots and provides the full context required to make the best decisions possible.

Real-time query and remediation capabilities, like those found in Cb LiveOps, are a crucial part of this. With the addition of on-demand querying, it’s easy to check on the status of endpoints, build consistency into operational reporting, and fix potential vulnerabilities and hygiene issues.

And while it clearly takes more than a single solution to completely bridge the gap between teams, processes, and priorities associated with security and operations, we see Cb LiveOps as a leap forward when it comes to giving security teams the real-time visibility and control necessary to make more confident decisions that will reduce risk in their organizations.

Whether it is seen in the long term as bridging the SecOps gap or an evolution of EDR, we believe this marks a powerful shift that will continue to provide security teams with more visibility into the current, resting state of all endpoints at scale, a feat which has previously been difficult, if not impossible, to achieve with true security products.

This is why we wanted to bring this functionality into the PSC in order to provide real-time query and remediation alongside advanced prevention, detection, and response functionality from a single platform that leverages one agent and one cloud-based console. It is imperative that security and operations teams continue to consolidate the technology stack to simplify processes and work together more efficiently to reduce the risk of breaches at their organization.

What Can You Do With Cb LiveOps?

At the core of Cb LiveOps is osquery, an open-source project that allows users to query their endpoints like a database using the SQL programming language. By integrating osquery into our platform, we are giving users access to more than 1,500 unique endpoint artifacts they can pull on demand while simplifying the deployment and management of the open-source tool.

We intend for this solution to act as a Swiss army knife that allows administrators to pull critical data to answer questions in a broad swath of scenarios.

Inspect Endpoints in Real Time

Security analysts need immediate answers to critical questions across their entire fleet of endpoints during attacks. Cb LiveOps provides access to thousands of unique endpoint artifacts to help analysts discover and analyze attacks to respond to incidents at a whole new level. For example, if during an investigation your security team determines that credentials have been stolen, Cb LiveOps can query all endpoints to see if, and where, the credentials have been used for attempted logins, and if, and where these credentials are currently in use.

Verify Patch-Level Compliance

Security and IT teams can use Cb LiveOps to automate queries of all endpoints and determine if all machines are at the right level of compliance. Additionally, to meet real-time or ongoing reporting needs, teams can use Cb LiveOps to automate operational reporting on patch levels, user privileges, disk-encryption status, and more.

Remediate Attacks Remotely

Once an attack is identified, Cb LiveOps allows administrators to open a session within seconds to terminate processes, delete files, or execute a background process to remediate the threat in real time — no matter where the compromised endpoints are located, eliminating uncertainty and greatly reducing any downtime that results from an attack.

We are excited to see Cb LiveOps change the game for security operations. To date, there has been a gap in security platforms, which lack the ability to make real-time inquiries across the entire endpoint fleet. By leveraging and extending osquery, the open-source tool used by hundreds of the world’s largest enterprises, we are filling this gap, delivering what we believe is the most complete security platform, which combines advanced prevention, detection, response, and IT operations delivered from the same agent, same login screen, and same UI as all other Carbon Black offerings on the PSC.

If you are looking to learn more about real-time query & remediation, register for our upcoming webinar: “The SecOps Imperative: How to Bridge the Security and Operations Gap.”

 

 

The post Carbon Black Announces Cb LiveOps, a New Offering on the Cb Predictive Security Cloud (PSC), Delivering Real-Time Query and Response appeared first on Carbon Black.
