Partner Perspectives: The Power of Shared Intelligence: Juniper Sky ATP and Cb Response


Scott Emo is the Director of Field Readiness, Security, for Juniper Networks.

Uncover and Mitigate the Most Sophisticated Cyber Attacks

The rapid growth of emerging technologies, combined with an increasing number of connected devices running business-critical applications in highly distributed environments, is producing an unprecedented amount of security event data. It is critical to have the right security tools in place to quickly detect and remediate modern threats.

The ability to recognize advanced threats across the network, quickly share threat intelligence, and take immediate remediation actions is an absolute requirement for security teams to keep their environments safe.

Through their open APIs, Juniper Sky ATP and Carbon Black’s Cb Response share threat intelligence to deliver a comprehensive, cloud-based, dynamic anti-malware solution that is tightly integrated with the Juniper Networks Unified Cybersecurity platform. This joint solution quickly correlates threat intelligence, identifies unknown threats and blocks impending attacks. The two major use cases for this solution are identifying and blocking compromised hosts, and sharing threat intelligence and remediation strategies.

1. Identify and Block Compromised Hosts:

Juniper Sky ATP receives threat intelligence from Carbon Black to protect users.

Juniper Sky ATP’s rich set of APIs and integration ecosystem can automate the ingestion of threat intelligence and IOCs from multiple sources, including Cb Response, to uncover the most sophisticated attacks.

Cb Response continuously monitors and records all activity on servers and endpoints to detect and stop cyber threats that evade traditional security defenses. It identifies compromised endpoint devices and shares infected host information with Juniper Sky ATP for threat remediation.

Threat intelligence imported by Juniper Sky ATP from Carbon Black is automatically ingested and distributed to Juniper’s Unified Cybersecurity platform, powered by SDSN, enabling enforcement on SRX Series/vSRX NGFWs and third-party switches. This allows enterprises to quickly identify unknown threats and block impending attacks.

Key integration benefits:

  • Quickly detect attacks in progress and respond immediately
  • Deploy a commit-less, dynamic, automated workflow
  • Gain complete endpoint visibility

Watch how you can identify and block compromised hosts in this YouTube video.

2. Threat Intelligence Sharing and Remediation:

Cb Response receives threat intelligence feeds (IOCs) from Juniper Sky ATP to detect and investigate infected endpoints across the network.

Juniper Sky ATP shares threat intelligence in STIX format over TAXII. Cb Response has the ability to pull feeds from multiple sources, including Juniper Sky ATP. In this integration, the TAXII service running on Juniper Sky ATP is configured to share threat intelligence when a threat threshold set on Juniper Sky ATP is exceeded. The Cb Response server can compare the indicators of compromise (IOCs) contained in this feed to sensor data as it arrives. Matching IOCs are tagged and can be added to watchlists to identify other compromised hosts.

Key integration benefits:

  • Utilize shared threat intelligence to identify infected hosts and protect endpoint devices
  • Gain visibility into all endpoints and identify compromised hosts across your network
  • Identify and prevent malware spread and lateral threat propagation from compromised hosts

Watch how Juniper and Carbon Black share threat intelligence in this YouTube video.

To learn more about this partnership, visit the Juniper Networks Page on the Carbon Black Partner Locator.

To dive deeper into the topics discussed in this blog, check out this Solution Brief.

The post Partner Perspectives: The Power of Shared Intelligence: Juniper Sky ATP and Cb Response appeared first on Carbon Black.
