CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats. CB Defense is available through MSSPs or directly as software as a service. Key Capabilities Single Agent, Cloud Platform CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and dataset. Streaming Prevention with Minimal False Positives CB Defense’s unique, data-driven prevention technology is certified to replace AV, using predictive modeling that identifies and stops more known and unknown threats including malware, fileless attacks, and ransomware. This technology eliminates the black magic typically associated with machine learning, minimizing misses and false positives. Complete Endpoint Visibility CB Defense gives you a clear, comprehensive picture of endpoint activity using unfiltered, tagged data that allows you to easily search and investigate endpoints, follow the stages of an attack, and identify root cause so you can close security gaps. Improved Efficiency Between Security & IT Ops CB Defense breaks down the walls between IT Operations and Security with simple workflows and built-in tools for live incident response, real-time investigations, and team collaboration. In addition, flexible policy configurations allow you to explicitly tailor your prevention, keeping users happy without compromising security. FEATURES

• Signatures and cloud-based reputation to stop malware

• Streaming prevention to stop advanced fileless attacks

• Online and offline prevention

• Flexible prevention policies

• Customizable executive dashboard

• Interactive attack chain visualization

• Live Response: real-time threat remediation

• PCI and HIPAA compliant

• Open APIs integrate with your security stack

Even the most effective security teams are often forced to play catch up during emergency situations due to limited time and resources to perform regular, proactive analysis and evaluate potential risks. Any delays during the investigation prolongs downtime and leaves the organization open to increased risk. Once the scope of an attack is understood, dispersed processes and tool sets can cause bottlenecks that delay the remediation of problematic endpoints. CB LiveOps is a real-time query and remediation solution that gives teams faster, easier access to audit and change the system state of endpoints across their organization.
By providing administrators with real-time query capabilities from a cloud-native endpoint protection platform, CB LiveOps enables teams to make quick, confident decisions to improve their security posture. CB LiveOps closes the gap between security and operations, allowing administrators to perform full investigations and take action to remotely remediate endpoints all from a single solution. Key Capabilities Single Agent, Cloud Platform CB LiveOps is built on the PSC, a cloud-native endpoint protection platform that offers converged prevention, detection, and response with additional services that can be activated as you need them, using the same converged agent, without any additional deployment or infrastructure. On-Demand Queries CB LiveOps gives your Security & IT Operations team visibility into even the most precise about the current system state of all endpoints, enabling you to make quick, confident decisions to reduce risk. Immediate Remote Remediation CB LiveOps closes the gap between security and operations, giving administrators a remote shell directly into endpoints to perform full investigations and remote remediations all from a single cloud-based platform. Simplified Operational Reporting CB LiveOps allows you to save and re-run queries to automate operational reporting on patch levels, user privileges, disk encryption status and more to stay on top of your everchanging environment. FEATURES

• Pre-Built Recommended Queries

• Easy query builder

• SQL query (open text field)

• Copy & Re-run Queries

• Save and favorite queries

• Email notifications

• Filter and group results

• Data export

• Secure shell for remote remediation

• Two-way API

Attackers are bypassing traditional endpoint security. In response there has been a proliferation of security products in an attempt to stop them. The result is too much complexity and not enough efficacy. Imagine if instead of having all of these different technologies you could have a single platform that simplifies your security stack and gives you better protection. The CB Predictive Security Cloud (PSC) is an endpoint protection platform that consolidates security in the cloud, making it easy to prevent, investigate, remediate and hunt for threats. While other endpoint security products only collect a filtered dataset related to what’s “known bad,” the PSC collects all endpoint activity data, because attackers intentionally look normal in order to hide their attacks. This unfiltered data is the unique power of the PSC, delivering:

• Superior Protection: Stop more attacks, take back control over your endpoints, and worry less. The PSC applies predictive modeling to unfiltered data to stay one step of ahead of sophisticated threats.

• Actionable Visibility: Cut down the guesswork and close security gaps fast. The PSC accelerates investigations by giving you a comprehensive picture of endpoint activity and empowers you to respond quickly.

• Simplified Operations: While most endpoint security programs require multiple siloed systems that burden end users and complicate management, the PSC consolidates multiple capabilities in the cloud using a single endpoint agent, console and dataset.

BENEFITS

• Reduced cost and complexity of security stack

• Decreased risk of breach

• Clear insight into root cause of attack

• Quickly respond to security incidents

• Automated remediation and threat containment

• Seamless integration with other security solutions

• Increased security operations efficiency

• Greater ability to meet compliance requirements

FEATURES

• Consolidated prevention, investigation, remediation, and hunting

• Predictive, real-time threat intelligence based on big data analytics

• Unfiltered endpoint data from millions of endpoints worldwide

• Real-time query and remediation

• Rapid deployment of new security features and algorithms

• Simplified processes between Security and IT Operations

• Easy to deploy, configure, and use at enterprise scale

• Open APIs to extend workflows and leverage high value data

• Out-of-the-box integrations with your security stack

Carbon Black Services
CB Defense
Next-generation antivirus and EDR
CB Defense for VMware®
Next-generation security for the software-defined datacenter
CB LiveOps
Real-time endpoint query and remediation
CB ThreatSight
Managed threat alert service
CB ThreatHunter
Incident response and threat hunting for SOC teams
CB Protection
Application control and critical infrastructure protection

Highly targeted assets demand perfect security, but can’t afford loss in performance. Critical systems are increasingly targeted because they contain the most valuable information. These systems cannot afford a moment of unscheduled downtime or performance degradation as they are the lifeblood of the organization. They often run on out-of-date or unsupported operating systems, which are costly to secure and support. The most common approach to defending these systems typically relies on layering multiple, ineffective security products, which is costly, creates risk and jeopardizes performance. CB Protection is an industry-leading application control product, used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates. Leveraging cloud reputation services, IT-based trust policies and multiple sources of threat intelligence from the CB Predictive Security Cloud, CB Protection ensures that only trusted and approved software is allowed to execute on an organization’s critical systems and endpoints.
CB Protection combines application whitelisting, file integrity monitoring, full-featured device control and memory/tamper protection into a single agent. CB Protection watches for behavioral indicators of malicious activity and conducts continuous recording of attack details to provide rich visibility into everything suspicious that attackers attempt to do. With the addition of the File Delete feature, CB Protection is now a direct control for requirement 5 of PCI DSS, enabling customers to remove traditional antivirus without the need for undergoing the compensating control process.
Security teams can harden their new and legacy systems against all unwanted change, simplify the compliance process, and provide the best possible protection for corporate systems at enterprise scale. CB Protection is available through MSSPs or directly through on-premise.
Key Capabilities
CB Protection is a powerful positive security solution for data centers and critical systems that allows server admins to control change while consolidating agents. Using a ‘Default Deny’ approach, CB Protection reduces your attack surface and downtime by automating approval of trusted software and eliminating the burden of whitelist management.
Lock Down Critical Systems
Stop malware and non-malware attacks by preventing unwanted changes to your applications and files, providing you with the control over your environment that you need.
Ensure Continuous Compliance
Accelerate compliance by meeting many of the requirements in regulatory standards and frameworks, such as PCI-DSS, HIPAA/HITECH, SOX, NERC CIP, GDPR and NIST 800-53.
High Performance and Low Touch Application Control
Be confident that your solution is blocking the “bad” and allowing the “good” without interrupting daily operations.

Enterprise security teams struggle to get their hands on the endpoint data they need to properly investigate and proactively hunt for abnormal behavior. Security and IT professionals lack the ability to see beyond suspicious activity and need a way to dive deeper into the data to make their own judgments. CB Response is an industry-leading incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the CB Predictive Security Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior. Capabilities

• Continuous and Centralized Recording
• Live Response for Remote Remediation
• Attack Chain Visualization and Search
• Automation via Integrations and Open APIs

Benefits

• Faster end-to-end response and remediation
• Accelerated IR and threat hunting with unfiltered endpoint visibility
• Rapid identification of attacker activities and root cause
• Secure remote access to infected endpoints for in-depth investigation
• Better protection from future attacks through automated hunting
• Unlimited retention and scale for the largest installations
• Reduced IT headaches from reimaging and helpdesk tickets

Advanced Threat Hunting & IR in the Cloud Enterprise security teams struggle to get their hands on the endpoint data they need to investigate and proactively hunt for abnormal behavior. Security and IT professionals currently lack the ability to see beyond suspicious activity and need a way to dive deeper into the data to make their own judgments.
CB ThreatHunter is an advanced threat hunting and incident response solution delivering unfiltered visibility for top security operations centers (SOCs) and incident response (IR) teams.CB ThreatHunter is delivered through the CB Predictive Security Cloud (PSC), a next-generation endpoint protection platform that consolidates security in the cloud using a single agent, console and dataset.
By leveraging the unfiltered data collected by the PSC, CB ThreatHunter provides immediate access to the most complete picture of an attack at all times, reducing lengthy investigations from days to minutes. This empowers teams to proactively hunt for threats, uncover suspicious behavior, disrupt active attacks and address gaps in defenses before attackers can.
Along with unfiltered visibility, CB ThreatHunter gives you the power to respond and remediate in real time, stopping active attacks and repairing damage quickly.
Key Capabilities
Complete Endpoint Protection Platform
Built on the CB Predictive Security Cloud, CB ThreatHunter provides advanced threat hunting and incident response functionality from the same agent and console as our NGAV, EDR and real-time query solutions, allowing your team to consolidate multiple point products with a converged platform.
Continuous & Centralized Recording
Centralized access to unfiltered endpoint data means that security professionals have all the information they need to hunt threats in real time as well as conduct in-depth investigations after a breach has occurred.
Attack Chain Visualization & Search
CB ThreatHunter provides intuitive attack chain visualization to make identifying root cause fast and easy. Analysts can quickly jump through each stage of an attack to gain insight into the attacker’s behavior, close security gaps, and learn from every new attack technique to avoid falling victim to the same attack twice.
Live Response for Remote Remediation
With Live Response, incident responders can create a secure connection to infected hosts to pull or push files, kill processes, perform memory dumps and quickly remediate from anywhere in the world.
Automation via Integrations & Open APIs
Carbon Black boasts a robust partner ecosystem and open platform that allows security teams to integrate products like CB ThreatHunter into their existing security stack.

As enterprises face a shortage of skilled security professionals, security teams often spend too much time monitoring and validating alerts, which limits their ability to address other security needs. Moreover, when prevalent outbreaks occur, security team investigations are limited by the resources and data available in their own environment, making it difficult to craft an effective remediation plan until the full scope and root cause of an event is determined. CB ThreatSight helps solve these problems by providing an industry-leading, subscriptionbased monitoring service for CB Defense. Built directly on the CB Predictive Security Cloud™ (PSC) platform which applies big data analytics across unfiltered data from millions of endpoints, CB ThreatSight is staffed by a world-class team of security experts who are constantly studying and analyzing the data in the PSC using advanced machine learning and algorithmic toolsets. Offered as a managed service directly from Carbon Black, threat hunters on the CB ThreatSight team work side by side with you to validate and prioritize alerts, uncover newthreats, and accelerate investigations with capabilities such as predictive root cause reporting. Key Capabilities Threat Validation and Insight With round-the-clock eyes on glass, your team can have true peace of mind knowing that an additional layer of experts are helping to ensure threats don’t get missed. Carbon Black’s security experts work side by side with your own team to validate alerts and provide additional human insight to speed up remediation for improved stability and resource utilization. Monthly Reporting Our CB ThreatSight experts provide monthly reports that summarize monthly activity across your environment, including the most common suspicious events and most targeted machines. These reports serve as a starting point for refining policies, help your team see big picture trends and make executive reporting effortless. Outbreak Advisories Carbon Black’s Threat Analysis Unit constantly monitors threat trends across the globe. When widespread and newsworthy outbreaks occur our ThreatSight team sends out advisories that include indicators of compromise, giving your team a jump-start on assessing risk and closing gaps. FEATURES

• Threat validation

• Email alerting

• Root cause analysis

• Threat advisories

• Monthly reporting