WALTHAM, Mass.: Carbon Black has unveiled the Detection eXchange, a place where thousands of security experts worldwide can collaborate in real time to curate information about cyberattacks and how to stop them.
The current standard for threat intelligence focuses on Indicators of Compromise (IOC), which are cheap, fragile and inexpensive for an adversary to change. Through the Detection eXchange, Carbon Black customers and partners can collaborate and share “Patterns of Attack” (POA), threat intelligence encompassing the specific series of behaviors attackers use to compromise systems. These patterns include the root cause of attacks (e.g., exploits or vulnerabilities) and are far more expensive for an adversary to change than Indicators of Compromise (IOC). Patterns of Attack curated by members of the Detection eXchange are automatically leveraged by Carbon Black’s products to improve future detection.
The Carbon Black Detection eXchange connects security professionals from around the world. To date, Carbon Black has organized a large and diverse customer and partner ecosystem in the cyber security marketplace, bringing together the collective experience of more than 10,000 security professionals including:
· 2,000 customer organizations ranging from Fortune 100 organizations to regional retailers, and from multinational market leaders to state and local governments
· 70+ top incident response (IR) firms and managed security service providers (MSSP)
Carbon Black Detection eXchange & Patterns of Attack
The Carbon Black Detection eXchange enables any customer or partner in the Carbon Black network to share Patterns of Attacks, which identify the behaviors, techniques and tactics of malicious actors. “Patterns of Attack” are exponentially more revealing for defenders than “Indicators of Compromise,” which merely categorize a single, static piece of information that is relevant for a small window of time.
Once Patterns of Attack are identified in the Detection eXchange, they can be turned on as Watchlists within the Carbon Black Security Platform to automatically detect when malicious behavior occurs in an enterprise environment. Watchlists continuously apply threat intelligence against new and retrospective endpoint sensor data, to immediately stop those sets of behaviors from running again, thus preventing future attacks of the same kind. Watchlists from the community are automatically fed into the Cb Security Platform to alert all customers when that Pattern of Attack is seen. As the community continues to share, every member organization achieves a stronger security posture.
This sharing system makes the collective knowledge of top security experts available to every community member. This is critically valuable for organizations that previously could not afford such deep expertise. In just its first two months, more than 600 Carbon Black customers and partners participated in the Carbon Black Detection eXchange.
“The Carbon Black Detection eXchange has already proven extremely valuable to our enterprise incident response teams,” said Tim Ryan, managing director and practice leader, cyber security and investigations practice for Kroll, a global leader in risk mitigation, compliance, security, and incident response solutions, and a Carbon Black partner. “Through participation in the Detection eXchange, we regularly augment our expertise with timely and relevant cyber threat information.”
Carbon Black Chief Technology Officer Michael Viscuso, said: “Simply put, the more attackers attack, the stronger we become as a community via the Detection eXchange. No organization should have to battle adversaries alone. In uniting the cyber-security community, we are empowering businesses to benefit from threat intelligence previously reserved for only those teams with mature security programs.”