Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Carbon Black, IBM Partner on Attack Remediation

Endpoint security firm Carbon Black announced a new partnership with IBM Security that will allow Carbon Black endpoint threat data to feed into IBM’s BigFix for instant attack remediation.

Endpoint security firm Carbon Black announced a new partnership with IBM Security that will allow Carbon Black endpoint threat data to feed into IBM’s BigFix for instant attack remediation.

Announced today, the partnership addresses a major problem for the enterprise: vulnerability management. According to Gartner, “Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.” Rapid patching can help this problem; but enterprises have so many endpoints with so many vulnerabilities that prioritizing patches is difficult if not impossible.

The Carbon Black / Big Fix approach is to focus vulnerability management onto the most pressing need — the endpoint vulnerabilities that are actually being exploited right now. With Carbon Black detecting the attack, Big Fix is able to prioritize patch remediation to all endpoints that contain the vulnerability, and all can be patched automatically. This process responds to the most pressing need while dramatically reducing the attack surface for the entire enterprise.

The process is conceptually simple. “We have an agent on every endpoint,” explained Tom Barsi, Carbon Black’s SVP business development. “That agent collects all relevant data from every endpoint and sends it to a central server. It’s like a video recorder of events. We record all file modifications, registry modifications, executed binaries and more — but we’re looking at executables so we don’t collect any personal information.”

At the central server, Carbon Black’s threat detection algorithms, driven by machine learning, can detect malicious activity in real time. “Once we detect that something has been hit,” he continued, “we send that data directly through the new automated integration with Big Fix; and Big Fix immediately patches all of the endpoints with the same application and therefore the same vulnerability — so it gives the user the ability to prioritize patching across the enterprise and reduce the attack surface.”

Carbon Black claims to be the market leader in endpoint threat detection. Although it is next-gen technology, it was founded 14 years ago (as Bit9) in 2002. Bit9 acquired Carbon Black in 2014, and changed its own name to Carbon Black earlier this year. It has more than 2,000 customers including 30 of the Fortune 100, and has more than 7 million endpoints under management. With such a solid foundation in large enterprises, it makes sense to integrate its own threat detection with the vulnerability remediation available from IBM. IBM acquired BigFix in 2010.

The potential weakness in machine learning-based threat detection is that although it is good at detecting new and unknown threats, it does not itself include automatic threat removal capabilities. Traditional anti-virus, which built its reputation on detecting known threats, could also remove those threats because they were known. It is less easy to develop threat removal for unknown threats. For this reason, Barsi suggested two additional approaches. The first is that he does not believe that next-gen endpoint security should be seen as a replacement for traditional anti-virus. 

“You still need a solution, such as traditional anti-virus, for known bad attacks. AV can detect, stop, and clean known bads. That need doesn’t go away. So now you need the ability to address known bads (AV), and the ability to address the new unknown bads (next-gen machine learning).” The solution to the latter problem, he suggests, is the Carbon Black integration with IBM’s QRadar SIEM, which can isolate compromised endpoints for investigation and cleaning.

Advertisement. Scroll to continue reading.

“We’ve also integrated with the QRadar SIEM platform,” he said, “and customized the ability to ingest our data into that SIEM. On top of QRadar,” he added, “we’ve built a new app that allows the user to take action on Carbon Black data directly from the QRadar console. QRadar has analytics and orchestration capabilities backed by IBM’s Watson technology, so while it is collecting data from Carbon Black, QRadar can apply Watson capabilities — and the user can take action directly on the endpoint from the QRadar console. The Carbon Black app on QRadar has the ability to quarantine suspect endpoints automatically, depending on the enterprise’s security policy and posture.”

The key feature of this new announcement from Carbon Black is that the IBM partnership allows speedy and targeted threat remediation and vulnerability management to precisely where it is needed, in almost real time. Part of the agreement is that IBM customers will be able to purchase Carbon Black directly from IBM.

Last week The Wall Street Journal reported that Carbon Black has made a confidential IPO filing under the JOBS Act.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.