Excerpts From: Do More with Less—How Endpoint Security in the Cloud is Helping Companies Stay Secure


If you’re responsible for security at your company, you know that you’re held back by things like limited budgets, a lack of skilled personnel, and too many security products complicating your stack. In Carbon Black’s recent webinar, we discussed how endpoint security in the cloud can simplify your security stack and make it easy to investigate, remediate and hunt for threats.

Below are excerpts from the Q&A with speaker Natalie Hurd:

Question: Can Cb Defense replace a traditional antivirus solution?

Natalie: Yes, it absolutely can. Cb Defense has been certified by Coalfire as an AV replacement. This is because we include signature protection in our tools as our base layer of prevention. Our protection comes from the cloud, but you can also include a local file on machines. So, if you have people going offline a lot, they’ll still have that signature prevention when they’re in an offline state. However, you’re getting so much more than just signature-based prevention. We cover those bases and check those boxes, but we also add extra layers of prevention against unknown attacks or when a trusted tool is invoked to act maliciously.

Question: Our current solution slows down our users’ endpoints. What kind of resource consumption am I looking at with Carbon Black?

Natalie: We remain consistently at less than 1% CPU on the endpoint. And that’s because we’re not doing full system scans at any one time. We’re sitting at that kernel level and observing all of the application executable behavior and doing all of the heavy lifting in the backend. Our sensors communicate with the cloud every 3 to 5 minutes about what they’re seeing and populate that data up there. The policies are cached locally on the machine, so prevention is always there and always on but, again, all of that heavy lifting is happening in the backend.

Question: What exactly is unfiltered data and how does it benefit my security?

Natalie: I say unfiltered data because we take in all the data at the kernel level. We’re recording all of the executions that are happening in the environment. We’re looking at every single file, every single application, the process of events. We capture everything that is happening on that endpoint.

Question: My team has limited resources—how much effort does it take to deploy Cb Defense?

Natalie: A one-man IT shop can absolutely deploy and manage this solution. The deployment is fairly simple and we have great policies that come pre-set up, out of the box, that don’t take any configuration to give you that next level of prevention. You have the option to customize if you want to but, if manageability is a concern, that’s where something like Cb ThreatSight might come into play—if you want that extra set of eyes on your environment. Then you don’t have to worry at night or on weekends about the state of things, because there are people watching over your environment.

Question: You mentioned that this is great for organizations that have remote workers. Would a user traveling abroad be able to make that connection to the cloud for Cb Defense to protect them?

Natalie: Yes, absolutely. Any internet connection would establish a connection with the backend but, again, the policies are cached locally on the endpoint. If someone is abroad and they aren’t maintaining Wi-Fi, they’ll still have that prevention.

Question: Will Cb Defense integrate with other solutions in my security stack?

Natalie: Yes! The biggest connections and integrations we see people use Cb Defense for are SIEM tools. We’re able to forward any amount of data through syslog or SIEM tools so you can see that data through a single pane of glass. But Cb Defense also has an open, RESTful API. And you can get creative with this in terms of pulling data out, or invoking live response actions, etc.

Question: Can I schedule full scans moving forward? If an attack happens on one machine, I want to make sure that same attack didn’t happen elsewhere.

Natalie: The beauty of a solution that is always on and always recording is that you’ll have all of the data that you need about any endpoint for up to 30 days. If you saw an infection on a machine and you want to see if it’s on another one, you can click into any device, and get any amount of data. You can use a filter to search through and investigate what’s happened on that device. Any information you need, you have at your fingertips.

Question: I’m not a security expert, but I’m responsible for my company’s security. How do I know what I need in a solution like this? Does Carbon Black offer resources to get this set up at my organization?

Natalie: Yes! The Verizon Data Breach Report showed that, out of all the successful breaches that have occurred in the past year, only 30% included known malware. So that leaves 70% of those attacks as non-malware. That’s why machine learning and event stream processing are so critical to protection. They focus on non-malware attacks and drill down to the behavioral level because we know attackers are continuing to innovate and get smarter. That’s why we think an approach like this is necessary today—to keep pace with the evolving threat landscape.

And to the second point, we have a lot of great internal resources, both when you purchase the product and moving forward. We have a great professional services team that will help you deploy the tool and get those policies configured for the user groups in your environment. You’ll be put in the best prevention posture right off the bat. Also, Cb Defense training is completely free and available on-demand online through our technical academy. So, you not only get the training at setup, but it’s always available if you need a refresher or if you add new team members.

If you’re a small business and you want to know more about how moving to the cloud could benefit you, click here.

The post Excerpts From: Do More with Less—How Endpoint Security in the Cloud is Helping Companies Stay Secure appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.