Carbon Black, a leader in next-generation endpoint security, unveiled the Carbon Black Integration Network (CbIN), a technology partner program designed to improve cybersecurity through collective defense and powered by Carbon Black’s†open APIs†and the†Cb Predictive Security CloudTM†(PSC).
Carbon Black also announced Juniper Networks, LogRhythm, and Phantom are all now part of CbIN and have leveraged Carbon Black’s open APIs to build productized integration with the PSC.
“LogRhythm and Carbon Black are empowering security teams to identify behavioral anomalies, detect internal and external threats, and prioritize responses utilizing enterprise-class security analytics that leverage machine learning and advanced scenario modeling,” said Matt Winter, LogRhythm’s VP of Marketing & Business Development. “By integrating with the Cb Predictive Security Cloud (PSC), LogRhythm provides security teams with complete visibility across their cloud and physical IT environments for faster, more efficient threat detection and response.”
Security teams today are plagued with problems ranging from a lack of technical expertise to limited visibility across the security stack to an increasing volume of security attacks. Integrations from CbIN could help alleviate these challenges by providing a†network of pre-integrated solutions†of widely used and emerging tech solutions that use the API — this same API is available for customers to build their own integrations.
CbIN represents vendors, customers, and security technologists that have leveraged Carbon Black’s open APIs to build integrations designed to benefit everyone.
“We’ve always employed a proactive security strategy that protects against advanced threats. Carbon Black’s open APIs are central to this strategy – they’ve enabled us to pull threat intelligence from Carbon Black into our SIEM to keep us more secure and extend the visibility of our data to our users. In addition to the security aspect, the integration also allows us to keep an inventory of our endpoints,” said Derick Reisman, Senior IT Security Specialist at Blue Cross Blue Shield of Florida. “I can pull up a dashboard and see how many sensors are installed, what version, policy, operating system, last check-in, etc. With Carbon Black integrations, our team can move much faster.”
Integrations are accessible on the†Carbon Black GitHub†repository. Examples of open-sourced integrations include:
- Export all process execution and endpoint network connection events through the†real-time Event Forwarder
- Send all Carbon Black data to another storage mechanism such as Hive or Hadoop
- Scan all collected binaries against Yara signatures
- Perform standard queries, but process the data in a script to output it in a certain way to support reporting, period queries, enriched process trees, etc.
- Consume threat indicators from CRITS
- Watchlist-sharing framework
- Subscribe to network connections and plot them on a world map
“As the leading security operations platform, Phantom continues to innovate with new capabilities aimed at simplifying integration with enterprise environments, while making data more readily available to SOC analysts and reducing mean time to resolution,” said Rich Hlavka, Phantom’s VP of Business Development. “By leveraging Carbon Black’s game-changing technology, the Predictive Security Cloud, Phantom is further empowering security teams with unmatched visibility, advanced analytics, and simplified workflow.”
“The Carbon Black Integration Network was built on the premise that a collective defense strategy is the foundation of any good security posture,” said Jim Raine, Carbon Black’s Director of Technology Alliances. “By integrating solutions across each security stack, every new addition brings new functionality to a customer’s entire security architecture. Security teams gain immediate insight and quickly derive more value from existing security investments. We’ll continue to empower our entire ecosystem by adding integrations so companies can easily adopt and use solutions that fit their specific needs.”
