viperagp - Fotolia

Carbon Black bets on next-generation antivirus

Carbon Black is betting on next-generation antivirus technology by acquiring Confer to extend the capability and appeal of its endpoint protection offerings

Traditional antivirus (AV) is no longer meeting the security needs of organisations, with most looking to replace it with a more effective alternative, according to security firm Carbon Black.

“We have seen a sea-change in the market, with more organisations wanting to invest in more effective next-generation antivirus (NGAV) systems, said Patrick Morley, president and CEO of Carbon Black.

“Most organisations want to eliminate traditional AV so they can re-allocate their AV budgets to NGAV systems that have better detection rates, are easier to deploy, are easy to administer, and that provide context around what they are doing so that the security team knows how best to respond to alerts,” he told Computer Weekly.

According to Gartner’s 2016 Magic Quadrant for Endpoint Protection Platforms, 44% of reference customers for endpoint protection platforms (EPPs) have been compromised.

This has triggered a race to NGAV. According to Morley, however, most security suppliers have championed their products as a complement to, not a replacement for, traditional AV.

Many of the so-called NGAV systems, he said, are only partial solutions relying on technology such as machine learning.

“Machine learning, especially when it is pre-execution, static analysis based, typically looks at a set of file attributes, but that is like taking a photo of someone and trying to decide if they are good or bad,” said Morley.

“This is especially difficult if attackers are using obfuscated malware or simply exploiting standard administration tools like Powershell to do bad things. Machine learning is great technology, but it is only part of the solution,” he added.

Behavioural analytics

Carbon Black believes behavioural analytics provides the key to NGAV that can replace traditional AV systems completely.

Carbon Black has identified security firm Confer as a leader in NGAV, with behavioural analytics at its core, and reached an agreement to acquire Confer and integrate its technology into Carbon Black’s next-generation EPPs.

According to Morley, Confer’s biggest customer chose its NGAV product after tests showed that it detected 98% of sample malware, compared with a 79% detection rate by a machine-learning based NGAV product and just 45% by a traditional AV product.

Carbon Black is betting on behaviour-based NGAV to appeal to all organisations seeking to improve their cyber defence capabilities.

“Most of our current customers are high-end businesses with relatively high levels of information security maturity,” said Morley.

By acquiring Confer, Carbon Black will offer NGAV to all businesses, he said, and then work with them over time to take them on a journey towards greater security maturity.

“We want to enable customers to buy in on us and our vision of a world that is safe from cyber attacks, and then to grow with us over time. We will enable them to replace AV straight away, and then, in time, they can add other parts of our portfolio across their IT estate,” said Morley.

“Our objective with Confer’s NGAV is to make Carbon Black accessible to every company of every size and security maturity level in every sector,” he said.

The acquisition is also aimed at giving Carbon Black a competitive advantage over rivals such as Symantec, Palo Alto Networks, Cylance and CrowdStrike.

“We are now able to offer the greatest breadth of endpoint security to the market by adding Confer’s NGAV, to be renamed Cb Defense, to Carbon Black’s application control, incident response and threat hunting products that serve more than 2,000 organisations globally,” said Morley.

“This means organisations of every size can now address their endpoint security requirements through a single platform,” he said.

Prevention, detection, response

According to Doug Cahill, senior analyst at ESG, the emerging next-generation endpoint security market is about more than prevention.

“Security suppliers that offer a comprehensive security platform comprised of prevention, detection and response capabilities will lead the transition from prior generation solutions.

“With the addition of Confer, Carbon Black is offering such a next-gen platform to address the ever-evolving threat landscape,” he said.

Mark Quinlivan, co-founder and chief executive officer at Confer, said NGAV systems need to take a far more innovative approach in stopping attacks and be much more effective than legacy AV.

“We built Confer to provide a sophisticated, lightweight yet simple solution that includes groundbreaking prevention, detection and incident response,” he said.

Cb Defense combines behaviour-based prevention techniques with integrated detection and response capabilities to stop cyber attacks.

Its cloud-based, deep analytics approach blocks both malware and increasingly common malwareless attacks that exploit memory and scripting languages.

Once malware is blocked, Cb Defense gives organisations visibility into how the attack happened, which enables them to proactively fix security problems.

According to Carbon Black, Cb Defense uses a lightweight sensor that installs in less than a minute and consumes less than 1% of the CPU, disk and network.

Cb Defense is aimed at stopping most attacks using a combination of endpoint data and the Cb Collective Defense Cloud, seeing every threat by recording and analysing all endpoint activity, and closing every gap by providing threat visibility to enable organisations to be more proactive.

Confer’s cloud-based analytics engine will become part of the Cb Collective Defense Cloud, which provides an assessment of what’s safe and what’s not, based on advanced analytics techniques applied to data from millions of endpoints.

The Cb Collective Defense Cloud continuously records data from more than seven million endpoints protected by Carbon Black products, enhances and enriches the data with threat intelligence from dozens of sources, including Carbon Black’s Detection eXchange and partner feeds, applies analytic techniques including machine learning, artificial intelligence and behavioural analytics to large datasets of attacks, threats, behaviours and anomalies, and streams context and insight to Carbon Black’s offerings where attacks are blocked at the endpoint.

According to Carbon Black, continuous interactions between the Cb Collective Defense Cloud and Carbon Black’s offerings will strengthen the system’s ability to identify malicious activity and become more resilient over time.

Read more about behavioural analytics

Read more on Endpoint security