Excerpts from Preparing for NGAV at Scale: Fastest Investigation & Response


Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is an excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black’s NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo, every Wednesday at 2PM EST, 11AM PST.


Preparing for NGAV at Scale

Stopping Attacks in Progress Starts with Asking the Right Questions

During a response scenario, every minute counts. The longer it takes to address an issue, the more risk your business faces.

Visibility is the foundation of investigation and response. Without a full picture of everything that is happening and has happened, response teams are at a significant disadvantage in addressing threats at their core. Since compromises are measured in a matter of minutes, response teams need to be able to go from detection of a potential indicator of attack to root cause analysis in nearly the same amount of time if the negative effects of the breach are to be mitigated. To achieve that level of speed, you need the right data and the ability to analyze and prioritize it quickly and efficiently.

After an incident has been discovered, new risks emerge; unscheduled downtime of systems and people can cost the business greatly, and resources dedicated to reimaging can pull away from other critical IT activities. This is a function of the dated separation between IT operations and security; it unnecessarily gets more groups involved to perform time-intensive tasks related to fixing endpoints targeted in an attack.

QUESTIONS TO ASK YOURSELF

  • What would you say is your average response time to a security incident (from point of detection to point of resolution)?
  • In a typical month how many machines are re-imaged as a result of a security incident?
  • How confident are you that your security team can easily search for relevant information about infected endpoints during an investigation?

In response to this, when evaluating NGAV, enterprises should ensure that the platform:

  1. Provides contextual analysis based on a complete dataset of endpoint events to remove time-intensive forensic activities and fast-track root cause analysis.
  2. Contains native capabilities to quarantine infected machines and address their issues remotely.
  3. Supports intuitive search functions that help responders find the right information quickly and effectively.


WHAT DOES CARBON BLACK PROVIDE?

Cb Defense provides administrators with the fastest way to investigate and remediate attacks in progress, eliminating uncertainty and reducing downtime:

  • Faster, more precise investigations to reduce exposure
  • Real-time remediation of any endpoint from a central console
  • Get end users back to work quickly without calling IT

KEY FEATURE: Live Response

Cb Defense enables responders to establish a secure remote shell into any system to get information, perform memory dumps, or run scripts for full remediation in minutes, whether or not they are on your corporate network.

KEY FEATURE: Enhanced Search

Cb Defense allows you to search based on key-value categories with auto-populated search suggestions, making it easy to run more advanced and specific searches to quickly find the information you are looking for.


Thanks for joining us as we explore “Preparing for NGAV at Scale,” our in-depth guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV. You can click here to get a copy of the full report. Join us next week as we continue to profile this report.

The post Excerpts from Preparing for NGAV at Scale: Fastest Investigation & Response appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
