Partner Perspectives: Protecting Against Fileless Malware with BluVector and Carbon Black


Josh Rosenthol is the Alliance and Integration Manager for BluVector.

The Challenge of Fileless Malware

“The infectiousness of crime is like that of the plague.” -Napoleon Bonaparte

While first spoken over 200 years ago, this quote is remarkably relevant to the modus operandi of malware authors and threat actors today. Malicious actors look for attacks that work, copy them and use them to exploit similar vulnerabilities in new targets. Because of this, malware breeds more malware.

Fileless malware is a current example of this strategy. So far in 2018, according to the Ponemon Institute, only a third of all malware included fileless techniques; however, 77% of all successful attacks were partially or completely fileless. This success rate is not a secret, and malware authors are increasingly investing in fileless attack methods. By the end of 2018, it is expected that close to 50% of all attacks will use fileless techniques.

Comprehensive Breach Protection from Network to Endpoint

BluVector® is an AI-driven sense and response network security platform designed to accurately and efficiently detect, analyze and contain sophisticated threats in real time, including fileless malware, zero-day malware, and ransomware. When deployed with Carbon Black, the solutions come together to provide end-to-end and immediate protection from advanced malware, while driving significant efficiency improvements throughout the security organization.

With a fileless attack, such as cryptojacking, the malware can begin to harm a compromised endpoint almost immediately. Even if detected within seconds of the initial installation, the malware is likely to have already moved laterally throughout the organization, infecting large swaths of the network. Rapidly seeing and responding to the attack before the compromise is crucial, and the integrated solution provided by BluVector and Carbon Black can identify the attempt to subvert system resources and stop the threat before business is impacted.

Integrating AI-driven Network Detection with Advanced Endpoint Security

When BluVector detects confirmed, file-based or fileless threats, the platform communicates the details of the attack to Carbon Black and all of its protected endpoints. Depending on the policies of the Carbon Black deployment, Carbon Black may automatically block the specific identified threat, contain the endpoint via a quarantine or alert an analyst to begin remediation efforts.

In the case of suspicious events, BluVector communicates all the event details and supporting context to Carbon Black. This enables an automated or analyst-led hunt for the identified threat on all protected endpoints, whether within the corporate network or on remote systems. Traditionally, investigating suspicious activities could take hours, but the details made available by BluVector and Carbon Black can reduce this effort to a fraction of the time.

By providing a full view of an event from the network to the endpoint, BluVector and Carbon Black help analysts to quickly understand, respond to and remediate all types of security alerts.

If you want to learn more about implementing comprehensive breach protection with BluVector and Carbon Black, take a look at the joint solution guide which goes into further detail about the integration and workflows.

The post Partner Perspectives: Protecting Against Fileless Malware with BluVector and Carbon Black appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
