Carbon Black, a leader in next-generation endpoint security, and Fortinet, securers of the largest enterprise, service provider, and government organisations around the world, have joined forces to provide clients with highly effective, automated protection against advanced threats and previously unknown malware. Both Carbon Black and Fortinet are vendor partners in southern Africa of Networks Unlimited, a leading value-added distributor within the Sub-Saharan African market offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes.

A recent three-day event held across Gauteng, Durban and Cape Town unveiled the Carbon Black Enterprise Protection for Fortinet FortiSandbox, which reduces the risk of lost data and the risk to business continuity. Carbon Black was represented by Sam Linford, EMEA regional sales director, and Rob Huikeshoven, senior regional sales engineer; Fortinet representation came from Paul Williams, Fortinet country manager, and Jakes Wolfaardt, Fortinet systems engineer, enhanced technologies; while managing director Anton Jacobsz and Stefan van de Giessen, Fortinet and Carbon Black business unit manager, spoke for Networks Unlimited.

Jacobsz clarifies, “Carbon Black’s suite of best-in-class next generation endpoint security solutions helps companies to detect, prevent and respond to the most advanced cyberattacks. The recent event was planned to showcase the powerful integration Carbon Black has with the various Fortinet products to ensure a better security posture for the end user.”

Carbon Black Enterprise Protection for Fortinet FortiSandbox provides accelerated incident response and verifies all files entering the environment. The joint solution solves four key security challenges, namely analysis, prioritisation, investigation and remediation of threats entering the system.

· The Carbon Black Cb Enterprise Protection continuously monitors and records all activity on servers and endpoints to detect and stop cyberthreats that evade traditional security defences. It can identify new, apparently benign, files for additional inspection by Fortinet FortiSandbox in order to uncover the most sophisticated attacks.

· Fortinet Advanced Threat Protection (ATP) delivers integrated and automated threat prevention, detection and mitigation throughout the entire organisation and across the full attack lifecycle.

· Working together, the two products create a powerful protection solution.

Accelerated incident response

The integration of the Carbon Black Cb Enterprise Protection within Fortinet Advanced Threat Protection improves efficiency and response time to previously unknown threats, and reduces the risk of lost data and the risk to business continuity by prioritising high-risk alerts while filtering out non-actionable events. Specifically, when Fortinet FortiSandbox detects previously unknown malware on the network, the solution automatically confirms the location, scope and severity of the threat on your endpoints and servers. It can also be configured to take immediate automated or operator-assisted response actions.

Four key security challenges solved

Automatic analysis: When files arrive on the environment’s endpoints and servers, Cb Enterprise Protection pinpoints those that are malicious and need to be stopped, by automatically submitting all new files to Fortinet’s dual-level sandbox to quickly determine the risk of each file. Criteria-driven rules determine which files need to be stopped.

Prioritisation: Once alerts are received, Cb Enterprise Protection automatically correlates granular risk-based alerts from Fortinet FortiSandbox with Carbon Black’s real-time endpoint sensor and recorder data to determine which are most actionable. The alerts are prioritised based on the number of systems infected, and the solution quickly decides if an alert requires escalation.

Threat investigation: The Carbon Black/Fortinet solution locates every instance of a suspicious file across the endpoints and servers to accelerate an incident response, alerting IT security to such points as where a file landed, if it executed, how many machines it is affecting, and if further action is required.

Remediation: The security solution is able to stop the attack and prevent it from happening again, as it automatically enforces endpoint and server security policies based on intelligence. This allows IT security to immediately stop malicious software from spreading throughout the enterprise and prevent it from affecting machines in the future.

Concludes Jacobsz, “We are seeing that legacy antivirus protection is failing and only working some of the time. Traditional antivirus solutions look for the known villains and thereafter they may quarantine what they find, in this way being able to stop the malware. However, the multiple new variants of malware today mean that traditional antivirus vendors can’t keep up. Legacy antivirus software finds files only, as does machine-learning antivirus software.

“Carbon Black’s solution is able to find files plus attacks using streaming prevention, which is a real-time sensor on the endpoint that uses an event tag to defend against attacks. It is able to stop malware and non-malware; prevent the entry of ransomware and the occurrence of zero-day attacks; and provides offline prevention and customisable security groups. In this way, Carbon Black has shown us that next-gen endpoint protection and endpoint detection and response (EDR) solutions are absolutely critical to companies who want to move away from outdated and ineffective products.”
