Eliminating Dwell Time with Cb Response and Red Canary


How Can I Efficiently Organize and Lead the People on My Team?

Organizing your team to protect your environment with agility is a difficult task, given the varied skills required and the challenges that come with traditional security operations center (SOC) structures.
We asked our partners at Red Canary, who every day provide security solutions that harness the visibility of Carbon Black’s products, to share how they keep up with the constantly evolving functions of today’s intelligence-driven security teams.

Here’s what Red Canary had to say:
“At Red Canary, efficiency starts with breaking down the structures seen in traditional SOCs. We have found the most success by moving beyond an operation that focuses solely on event analysis. To do this, we include our Intel team in engineering efforts, engineers in analysis efforts, and so on. Rather than assigning each team member a label to exclusively focus on, each person has a core ‘practice.’ They still develop and improve within their practice, but they are also challenged to engage with other functions in the SOC.


Live Webinar, April 12, 2018, 2:00PM EST: Operationalizing Your Threat Hunt. Join Carbon Black and Red Canary for a live threat hunting demo.


“This approach completely bucks traditional views of security operations, and has led to amazing innovation within our security team and around the investigation process. Our engineers are actively examining the analysis process, seeing the results, and continuously working to develop efficiencies for our analysis team. This approach has led to data analysis and automation efforts that have removed the need for in-depth investigation in nearly 10% of all threats. It has led to effective suppression that provides each individual analyst with the ability to ‘tune’ detection criteria during an investigation. That tuning is then used to automatically suppress potential threats in the future. Doing so has enabled our analysts to be 4-5X more efficient over the last three years, and much of this can be attributed to how we evolved our security team by removing more traditional, time-intensive job functions.”
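The suppression-and-tuning loop described in the quote above, as an added, constructed illustration (it is not Red Canary's or Carbon Black's code): an analyst closing a detection as benign records the exact criteria that made it benign, scoped to a single detector, with a parent-process constraint and an expiry; later detections matching every criterion are suppressed automatically, near-misses still escalate, and a catch-all pattern is refused so a rule cannot quietly blind the detector. Detector names, hostnames, paths, command lines and the 90-day TTL policy are all assumptions made up for the example.

```python
"""Analyst-tuned suppression over a stream of endpoint detections.

Constructed example: event fields, detector names, hostnames and the
rule-TTL policy are invented for illustration, not taken from any product.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_RULE_TTL = timedelta(days=90)        # assumed policy: every suppression ages out
CANARY = "zz-unrelated-command-line-zz"  # a pattern that matches this is a catch-all


@dataclass(frozen=True)
class Event:
    detector: str        # which detection logic fired
    hostname: str
    user: str
    parent: str          # parent process image name
    process_path: str
    cmdline: str


@dataclass(frozen=True)
class SuppressionRule:
    """Criteria an analyst captured while closing one detection as benign."""
    detector: str            # scoped to one detector, never "all alerts"
    process_path: str        # exact image path (case-insensitive)
    cmdline_pattern: str     # regex over the command line
    parent: Optional[str]    # exact parent image, or None for any parent
    analyst: str
    reason: str
    created: datetime
    expires: datetime

    def __post_init__(self):
        # Refuse rules that would blind the detector instead of tuning it.
        if not self.detector or not self.process_path:
            raise ValueError("rule must name a detector and a process path")
        try:
            compiled = re.compile(self.cmdline_pattern, re.IGNORECASE)
        except re.error as exc:
            raise ValueError(f"bad cmdline pattern: {exc}") from exc
        if compiled.search(CANARY):
            raise ValueError("cmdline pattern is a catch-all; be specific")
        ttl = self.expires - self.created
        if ttl <= timedelta(0) or ttl > MAX_RULE_TTL:
            raise ValueError(f"rule TTL must be between 0 and {MAX_RULE_TTL.days} days")

    def matches(self, event: Event, now: datetime) -> bool:
        """All criteria must hold; an expired rule never matches."""
        if now >= self.expires or event.detector != self.detector:
            return False
        if event.process_path.casefold() != self.process_path.casefold():
            return False
        if self.parent is not None and event.parent.casefold() != self.parent.casefold():
            return False
        return re.search(self.cmdline_pattern, event.cmdline, re.IGNORECASE) is not None


def triage(events, rules, now):
    """Split events into those needing an analyst and those auto-suppressed."""
    escalated, suppressed = [], []
    for ev in events:
        rule = next((r for r in rules if r.matches(ev, now)), None)
        if rule is None:
            escalated.append(ev)
        else:
            suppressed.append((ev, rule))
    return escalated, suppressed


NOW = datetime(2018, 4, 12, 14, 0, tzinfo=timezone.utc)
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed detections: a scheduled inventory script that fires the same
# detector on every workstation, plus two events that only look similar.
SAMPLE_EVENTS = [
    Event("powershell_file_exec_bypass", "ws-01", "SYSTEM", "taskeng.exe", PS,
          r"powershell.exe -ExecutionPolicy Bypass -File \\fs01\scripts\inventory.ps1"),
    Event("powershell_file_exec_bypass", "ws-02", "SYSTEM", "taskeng.exe", PS,
          r"powershell.exe -ExecutionPolicy Bypass -File \\fs01\scripts\inventory.ps1"),
    # Same script, but spawned by Word: the tuning must not cover this.
    Event("powershell_file_exec_bypass", "ws-03", "jdoe", "winword.exe", PS,
          r"powershell.exe -ExecutionPolicy Bypass -File \\fs01\scripts\inventory.ps1"),
    # Different command line entirely.
    Event("powershell_file_exec_bypass", "ws-04", "jdoe", "winword.exe", PS,
          "powershell.exe -nop -w hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"),
]

# Rule the analyst recorded while closing the ws-01 detection as benign.
SAMPLE_RULES = [
    SuppressionRule(
        detector="powershell_file_exec_bypass",
        process_path=PS,
        cmdline_pattern=r"-File \\\\fs01\\scripts\\inventory\.ps1$",
        parent="taskeng.exe",
        analyst="analyst1",
        reason="scheduled asset inventory task, confirmed with desktop team (constructed)",
        created=NOW,
        expires=NOW + timedelta(days=30),
    )
]


def run_example():
    return triage(SAMPLE_EVENTS, SAMPLE_RULES, NOW)


def overbroad_rule_rejected() -> bool:
    """A catch-all pattern must be refused, or the detector is blinded."""
    try:
        SuppressionRule("powershell_file_exec_bypass", PS, ".*", None,
                        "analyst1", "lazy tuning", NOW, NOW + timedelta(days=1))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    escalated, suppressed = run_example()
    for ev, rule in suppressed:
        print(f"suppressed {ev.hostname}: {rule.reason} (by {rule.analyst})")
    for ev in escalated:
        print(f"ESCALATE   {ev.hostname}: {ev.parent} -> {ev.cmdline[:60]}")
```

The design choice worth noting is that a suppression is a conjunction of specific criteria tied to one detector and one expiry, so the two events that share the script path but not the parent process still reach an analyst; a rule keyed on the detector name or script name alone would have hidden them.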

Red Canary leverages the rich, unfiltered endpoint data from Cb Response to continuously monitor customers’ endpoints, review suspicious activity, eliminate false positives and provide actionable detections so customers can respond faster. Together, Carbon Black and Red Canary combine best-in-breed technologies and techniques to cover the full kill chain:

  • Carbon Black provides unfiltered visibility
  • Red Canary’s Threat Detection Engine and Carbon Black’s Predictive Security Cloud deliver unparalleled detection
  • Human analysts provide the intuition and expertise needed to focus on the most serious threats


The detailed detections and endpoint visibility from Carbon Black and Red Canary give any team the tools it needs for rapid and complete response.


______________________________________________
For more information on strategies, team structure, and processes to help blue teams transform their threat hunting efforts from an ad-hoc tactic into a regular operational effort, join Carbon Black and Red Canary for a live webinar on April 12th.

______________________________________________

The post Eliminating Dwell Time with Cb Response and Red Canary appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.