Back in [Carbon] Black

Brian Beyer

Share this Project

Yesterday’s big news in the endpoint detection and response market is the evolution of Bit9+Carbon Black to the simple and sleek Carbon Black. As the earliest Carbon Black partner using the product when it was first being prototyped, we at Red Canary are very excited to continue building our technology and service alongside Carbon Black for three primary reasons:

1. Carbon Black leads the EDR market

They’ve done an exceptional job bringing the Carbon Black products to every vertical and every size business, and we’ve seen firsthand how the product has evolved and improved with that diverse customer feedback. No other company is so widely regarded as the endpoint security leader.

2. The product is a true platform

Everything in the user interface is backed by a RESTful API and designed to be built upon. That means you as a practitioner can automate anything you’d do in the user interface. Want to automatically assign alerts triggered from a certain watchlist against your overseas servers to your overseas response team? You can do that in a few lines of Python.

At Red Canary, we’re integrated into the Carbon Black Response platform at every level. We process raw endpoint sensor events as they happen in our Threat Detection Engine and identify threats using our behavioural analysis, user behavior analytics, and threat intelligence. Our point-and-click Response Mode automates cleanup of a threat using the Carbon Black Live Response capabilities behind the scenes.

We always keep a close eye on other EDR platforms on the market and we can tell you with certainty: no one has the extensibility of the Carbon Black Response platform.

3.You need Protection, Detection, and Response

We’re not alone in beating the Prevention + Detection + Response drum – even as far back as 2010, Neil MacDonald at Gartner said “Protection = Prevention + Detection”.

The Bit9 Security Platform is now known as Carbon Black Enterprise Protection; Carbon Black is now Carbon Black Enterprise Response. I think that highlights how we should expect to see the products continue to evolve as the market leaders in EDR Prevention and Response.

So where does Red Canary fit?

It’s simple: we are and have always been focused on building the best endpoint threat detection solution on the market. We’ll dip our toes into the Prevention and Response spaces when we know it will make your security 10x better, but continue to expect Red Canary to bring you “set and forget” Fortune 100-grade endpoint security for your organization.

Exciting times ahead for the Carbon Black team, Red Canary, and the EDR industry as a whole…