Content Copyright © 2014 Bloor. All Rights Reserved.
Also posted on: Fran Howarth
Bit9 and Carbon Black announced recently that the two companies were to merge and, for the time being at least, will be known as Bit9 + Carbon Black in order to signal the importance of the two brands. On the back of this news, the newly combined company received a further US$38.25 million in funding.
This merger underscores the importance of the dynamic market for advanced threat protection technologies. The threat landscape organisations face today is so complex and sophisticated that, no matter how hard organisations try, some attacks will always be successful. With this merger, organisations will benefit from one integrated technology platform to both prevent the majority of threats from breaching their defences and to remediate those that do.
Bit9 is a specialist in endpoint protection, acting as a ‘security camera’ for all endpoints and servers that connect to networks—the doors and windows into an organisation—tackling threats as they attempt to enter the network. Carbon Black brings to the table the ability to respond to incidents in a matter of seconds when an incident is detected. As well as real time protection, the platform enables forensic analysis to find the root cause of incidents and how they wormed their way through the networks to find the full extent of the damage done. With these capabilities, organisations can dramatically reduce the attack surface and rapidly detect and respond to threats.
Taken together, the platform addresses five major needs for advanced threat protection:
- Visibility into what is happening on the network, from endpoints to backend systems, so that the organisation knows what processes are running, what binaries have been executed and what files are being used, what changes are being made to registry settings, what network connexions are being made and the relationships among all of these.
- Detection of all threats, even zero-day threats, in real time and retrospectively with the aid of comprehensive threat intelligence feeds.
- Response through capabilities that include the ability to search across all big data sets generated by every machine, provision of visualisation and analytic techniques to optimise incident response efforts, and the ability to contain and control all threats.
- Prevention of incidents by focusing on critical systems and high-risk users, by analysing every new file encountered for security threats and by immediately blocking advanced threats.
- Integration of network and endpoint security controls at both file and network layers to enable real time response to incidents and prevention of threats, as well as integration with other security controls and systems.
Such a platform allows organisations to adopt an adaptive security posture that actively tackles the constantly evolving threat landscape and that is capable of adapting to meet new challenges and future needs. The market for advanced threat protection as a whole is seeing considerable investment poured into it and this merger, along with the additional funding received, validates the need for organisations to take a holistic approach to security.