Partner Perspectives: Protecting Against Fileless Malware with BluVector and Carbon Black

ID CARBONBLACK:67F5969D8D799871EDBA4473E8381393
Type carbonblack
Reporter Shanleigh Reardon
Modified 2018-09-19T13:00:47


Josh Rosenthol is the Alliance and Integration Manager for BluVector.

The Challenge of Fileless Malware

> #### “The infectiousness of crime is like that of the plague.” -Napoleon Bonaparte

While first spoken over 200 years ago, this quote is remarkably relevant to the modus operandi of malware authors and threat actors today. Malicious actors look for attacks that work, copy them and use them to exploit similar vulnerabilities in new targets. Because of this, malware breeds more malware.

Fileless malware is a current example of this strategy. So far in 2018, according to the Ponemon Institute, only a third of all malware included fileless techniques; however, 77% of all successful attacks were partially or completely fileless. This success rate is not a secret, and malware authors are increasingly investing in fileless attack methods. By the end of 2018, it is expected that close to 50% of all attacks will use fileless techniques.

Comprehensive Breach Protection from Network to Endpoint

BluVector® is an AI-driven sense and response network security platform designed to accurately and efficiently detect, analyze and contain sophisticated threats in real time, including fileless malware, zero-day malware, and ransomware. When deployed with Carbon Black, the solutions come together to provide end-to-end and immediate protection from advanced malware, while driving significant efficiency improvements throughout the security organization.

With a fileless attack, such as cryptojacking, the malware can begin to harm a compromised endpoint almost immediately. Even if detected within seconds of the initial installation, the malware is likely to have already moved laterally throughout the organization, infecting large swaths of the network. Rapidly seeing and responding to the attack before the compromise is crucial, and the integrated solution provided by BluVector and Carbon Black can identify the attempt to subvert system resources and stop the threat before business is impacted.

Integrating AI-driven Network Detection with Advanced Endpoint Security

When BluVector detects confirmed file-based or fileless threats, the platform communicates the details of the attack to Carbon Black and all of its protected endpoints. Depending on the policies of the Carbon Black deployment, Carbon Black may automatically block the specific identified threat, contain the endpoint via a quarantine, or alert an analyst to begin remediation efforts.

In the case of suspicious events, BluVector communicates all the event details and supporting context to Carbon Black. This enables an automated or analyst-led hunt for the identified threat on all protected endpoints, whether within the corporate network or on remote systems. Traditionally, investigating suspicious activities could take hours, but the details made available by BluVector and Carbon Black can reduce this effort to a fraction of the time.

By providing a full view of an event from the network to the endpoint, BluVector and Carbon Black help analysts to quickly understand, respond to and remediate all types of security alerts.

If you want to learn more about implementing comprehensive breach protection with BluVector and Carbon Black, take a look at the joint solution guide, which goes into further detail about the integration and workflows.

The post Partner Perspectives: Protecting Against Fileless Malware with BluVector and Carbon Black appeared first on Carbon Black.