Partner Perspectives: Orchestrating Endpoint Security with CyberSponse and Carbon Black

Type carbonblack
Reporter Shanleigh Reardon
Modified 2018-10-17T13:00:44


Amit Jain is the Principal Technical Product Manager at CyberSponse.

Today's network security infrastructures are complex beasts. Increasing mobile and cloud deployments have made managing endpoint security more challenging than ever before. The dynamic and ever-evolving nature of today’s cybersecurity attacks continue to beat traditional defense methods to plant new forms of disguised attacks. Being able to understand the nature of these attacks and respond quickly at all levels of the cyber kill chain is crucial for an effective remediation and containment strategy.

CyberSponse deeply integrates with Carbon Black products, including Cb Defense, Cb Response and Cb Protection, to provide Carbon Black users with a complete solution that leverages CyberSponse’s security orchestration and automation capabilities. This joint solution orchestrates investigation, remediation and containment actions out of a single console to facilitate a robust and dynamic endpoint security solution.

Partnership Overview

CyberSponse and Cb Defense: Cb Defense uses advanced predictive models to analyze complete endpoint data and uncover malicious behavior to stop all types of attacks before they compromise systems.

Using CyberSponse's automation framework, analysts can:

  • Find a device status
  • Locate events in Carbon Black
  • Receive alerts that include associated events
  • Create and manage security policies and rules in Carbon Black

Leveraging this integration, these actions can be made part of investigation, remediation and containment flows to stop malware, ransomware and non-malware attacks effectively, while also ensuring compliance.

CyberSponse and Cb Protection: Cb Protection is a comprehensive endpoint threat protection solution that is highly effective in locking down systems to stop malware, ransomware, zero-day and non-malware attacks in highly regulated environments.

The integration of CyberSponse and Cb Protection allows analysts to blend actions, such as:

  • Hunt file
  • Block and unblock file or file hash on endpoints
  • Get detailed information about an endpoint
  • Manage approval requests
  • Get policy details and much more.

Thus, using the CyberSponse automated playbook framework to help design automated flows, analysts are able to respond much faster and dynamically by blending these actions into their remediation and containment strategies from a single console.

CyberSponse and Cb Response: Cb Response is a highly-scalable, real-time threat hunting and incident response (IR) solution delivering unfiltered visibility for top security operations centers and IR teams. It captures comprehensive information about endpoint events, giving security professionals a clear understanding of what happened. Through the integration with CyberSponse, analysts can leverage the power of visibility that Cb Response provides in their automation workflows.

Actions available through this integration include:

  • Retrieve detailed sensor information and processes
  • Isolate and un-isolate sensors
  • Terminate processes on endpoints
  • Hunt and delete files
  • Block and unblock hashes
  • Search and manage alerts
  • Fetch watchlists

This solution presents numerous dynamic possibilities and enables Carbon Black users to build powerful automation workflows to manage endpoint security better than ever before.

With 250+ integrations available through CyberSponse, the above integrations with Carbon Black’s suite of products add immense value for the analysts battling to manage the dynamic and ever-evolving nature of today’s threats, while also ensuring endpoint security. Apart from the integrations, CyberSponse, being a leader in SOAR space, provides a highly configurable and role-based enterprise case management solution and reporting facility that helps store and represent investigation data in the most meaningful manner.

For more details visit

The post Partner Perspectives: Orchestrating Endpoint Security with CyberSponse and Carbon Black appeared first on Carbon Black.