Eliminating Dwell Time with Cb Response and Red Canary


How Can I Efficiently Organize and Lead the People on My Team?

Organizing a team so it can protect your environment with agility is difficult: a traditional security operations center (SOC) structure demands many distinct skills and brings its own set of challenges.
We asked our partners at Red Canary, who every day provide security solutions that harness the visibility of Carbon Black’s products, to share how they keep up with the constantly evolving functions of today’s intelligence-driven security teams.

Here’s what Red Canary had to say:
“At Red Canary, efficiency starts with breaking down the structures seen in traditional SOCs. We have found the most success by moving beyond an operation that focuses solely on event analysis. To do this, we include our Intel team in engineering efforts, engineers in analysis efforts, and so on. Rather than assigning each team member a label to exclusively focus on, each person has a core ‘practice.’ They still develop and improve within their practice, but they are also challenged to engage with other functions in the SOC.


“This approach completely bucks traditional views of security operations, and has led to amazing innovation within our security team and around the investigation process. Our engineers are actively examining the analysis process, seeing the results, and continuously working to develop efficiencies for our analysis team. This approach has led to data analysis and automation efforts that have removed the need for in-depth investigation in nearly 10% of all threats. It has led to effective suppression that provides each individual analyst with the ability to ‘tune’ detection criteria during an investigation. That tuning is then used to automatically suppress potential threats in the future. Doing so has enabled our analysts to be 4-5X more efficient over the last three years, and much of this can be attributed to how we evolved our security team by removing more traditional, time-intensive job functions.”
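The analyst-driven suppression Red Canary describes above (an analyst tunes detection criteria during an investigation, and the tuning then suppresses matching detections automatically) can be modelled as a small rule engine. The following is an added illustration, not Red Canary's or Carbon Black's code; the event fields, rule format, time-to-live policy and sample detections are all constructed for this example. It also adds two safeguards a defender would want: a rule must be narrow (several conditions, no bare wildcard) so that tuning cannot blanket-suppress real threats, and every rule expires so stale tuning comes back for review.

```python
"""Analyst-tuned suppression for endpoint detections (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import fnmatch


@dataclass
class SuppressionRule:
    rule_id: str
    created_by: str
    created_at: datetime
    conditions: dict        # field -> glob pattern; all must match (AND), case-insensitive
    reason: str             # why the analyst judged the activity benign
    ttl_days: int = 90      # rules expire so old tuning is re-reviewed, not trusted forever
    hits: int = 0           # how many detections this rule has suppressed

    def matches(self, event: dict, now: datetime) -> bool:
        """True if the rule is still valid and every condition matches the event."""
        if now > self.created_at + timedelta(days=self.ttl_days):
            return False
        for key, pattern in self.conditions.items():
            value = event.get(key)
            if value is None or not fnmatch.fnmatchcase(str(value).lower(), pattern.lower()):
                return False
        return True


def validate_rule(rule: SuppressionRule) -> SuppressionRule:
    """Reject overly broad tuning: at least two conditions, none a bare wildcard."""
    if len(rule.conditions) < 2:
        raise ValueError(f"{rule.rule_id}: a suppression rule needs at least two conditions")
    for key, pattern in rule.conditions.items():
        if pattern.strip() in ("", "*"):
            raise ValueError(f"{rule.rule_id}: condition on '{key}' matches everything")
    return rule


def triage(events, rules, now: datetime):
    """Split detections into (escalated, suppressed); bumps hit counts on matching rules."""
    escalated, suppressed = [], []
    for ev in events:
        rule = next((r for r in rules if r.matches(ev, now)), None)
        if rule is None:
            escalated.append(ev)            # nothing tuned it away: an analyst must look
        else:
            rule.hits += 1
            suppressed.append({**ev, "suppressed_by": rule.rule_id})
    return escalated, suppressed


def suppression_rate(escalated, suppressed) -> float:
    """Share of detections closed without analyst time (the efficiency figure the text cites)."""
    total = len(escalated) + len(suppressed)
    return len(suppressed) / total if total else 0.0


# Constructed sample detections: a backup agent launching a signed maintenance script
# on two hosts, plus a genuinely suspicious Office-spawned PowerShell on a third.
SAMPLE_EVENTS = [
    {"host": "ws-0142", "process": "powershell.exe", "parent": "backupagent.exe",
     "cmdline": r"powershell.exe -File C:\Program Files\BackupCo\snapshot.ps1"},
    {"host": "ws-0157", "process": "powershell.exe", "parent": "backupagent.exe",
     "cmdline": r"powershell.exe -File C:\Program Files\BackupCo\snapshot.ps1"},
    {"host": "ws-0199", "process": "powershell.exe", "parent": "winword.exe",
     "cmdline": "powershell.exe -w hidden -c <truncated>"},
]


def make_rule() -> SuppressionRule:
    """The tuning an analyst would record after confirming the backup script is benign."""
    return validate_rule(SuppressionRule(
        rule_id="tune-0001",
        created_by="analyst@example",
        created_at=datetime(2018, 3, 20),
        conditions={"process": "powershell.exe",
                    "parent": "backupagent.exe",
                    "cmdline": r"*\BackupCo\snapshot.ps1"},
        reason="scheduled backup snapshot, verified with customer",
    ))


if __name__ == "__main__":
    rule = make_rule()
    esc, sup = triage(SAMPLE_EVENTS, [rule], datetime(2018, 4, 1))
    print(f"escalated={len(esc)} suppressed={len(sup)} rate={suppression_rate(esc, sup):.2f}")
```

The rule is keyed on process, parent and script path together, so a PowerShell launched by winword.exe on the same hosts still escalates; once the 90-day TTL lapses, every matching detection escalates again until someone re-confirms the tuning.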

Red Canary leverages the rich, unfiltered endpoint data from Cb Response to continuously monitor customers’ endpoints, review suspicious activity, eliminate false positives and provide actionable detections so customers can respond faster. Together, Carbon Black and Red Canary combine best-in-breed technologies and techniques to cover the full kill chain:

  • Carbon Black provides unfiltered visibility
  • Red Canary’s Threat Detection Engine and Carbon Black’s Predictive Security Cloud deliver unparalleled detection
  • Human analysts provide the intuition and expertise needed to focus on the most serious threats


The detailed detections and endpoint visibility with Carbon Black and Red Canary assist any team with the essential tools needed for rapid and complete response.

For more information on strategies, team structure, and processes to help blue teams transform their threat hunting efforts from an ad-hoc tactic into a regular operational effort, join Carbon Black and Red Canary for a live webinar on April 12th.



The post Eliminating Dwell Time with Cb Response and Red Canary appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
