Service integrates with real-time endpoint visibility to rapidly detect advanced threats
The Threat Intelligence Cloud is an integral component of the Bit9 + Carbon Black endpoint security solution, which features "always-on" and continuously recording sensors that maintain the relationships of every file execution, file modification, registry modification, network connection and executed binary. The Bit9 Security Platform and Carbon Black automatically correlate their data with threat intelligence from the Threat Intelligence Cloud to detect advanced attacks without relying on signatures, prioritize response in seconds, and prevent advanced attacks using proactive and customizable techniques.
The three key elements of the Threat Intelligence Cloud service are:
• Attack Classification—Uses intelligence feeds from third-party sources to help enterprises identify the type of malware and the threat actor group behind an attack. This enables security teams to have a better understanding of attacks so they can respond more quickly and effectively. Customers also can leverage their own intelligence feeds to enhance their capabilities. Threat Intelligence Cloud feed providers include:
-- abuse.ch: Tracks command-and-control servers for Zeus, SpyEye and Palevo malware while combining domain name blocklists.
-- iSIGHT Partners: Comprehensive cyber intelligence feed connecting security technology and operations to the business.
-- Malware Domain List: Tracks domains used by malware.
-- National Vulnerability Database: Flags executed applications vulnerable to one or more Common Vulnerabilities and Exposures (CVE).
-- ThreatConnect: A community-based threat intelligence platform that enables users to collaborate and share information on the newest emerging threats.
-- Tor: A list of active Tor Node IP addresses.
• Advanced Threat Indicators (ATI)—Developed by the Bit9 + Carbon Black threat research team and delivered from the Threat Intelligence Cloud, ATIs run on the Bit9 and Carbon Black products on customers' premises to monitor and examine many key system facets. ATIs perform real-time monitoring of files, registry, process, memory execution and more to identify potential compromise or infection. ATIs also can examine the recorded history of endpoint activity that Bit9 and Carbon Black maintain to "reach back in time" and retrospectively identify advanced threats and malware. Customers also are able to create custom ATIs to meet the specific needs of their environments.
"Bit9 + Carbon Black customers are able to take full advantage of the most comprehensive threat intelligence available on the market," said
About Bit9 + Carbon Black
Bit9 + Carbon Black offers the most complete solution against the advanced threats that target your organization's endpoints and servers. This makes it easier for you to see—and immediately stop—those threats.
Carbon Black's lightweight endpoint sensor, which can be rapidly deployed with no configuration to enable detection and response in seconds, combined with Bit9's industry-leading prevention technology, delivers four key benefits:
• Continuous, real-time visibility into what's happening on every computer
• Real-time threat detection, without relying on signatures
• Instant response by seeing the full "kill chain" of any attack
• Prevention that is proactive and customizable
Thousands of organizations worldwide—from 25 Fortune 100 companies to small businesses—use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their detection and response services. With Bit9 + Carbon Black, you can arm your endpoints against advanced threats. For more information, visit www.bit9.com.
Bit9 is a registered trademark of