Picus Security &
VMware Carbon Black
Helping Customers Fully Utilize their Carbon Black EDR
Endpoint Detection and Response (EDR) technologies provide a range of telemetry that enables security professionals to discover malware that is otherwise difficult to find. These solutions come with advanced policy options, and it is important to use them fully in order to remain resilient against the changing threat landscape. Building such organizational capabilities and skills is key to achieving efficient SOCs and lowering the time to detect and respond to intrusions. Well-implemented and well-managed EDR solutions enable advanced threat discovery across all endpoints, giving a complete view of every end-user activity, incident and intrusion. To help Carbon Black EDR admins benefit fully from these functionalities, Picus Detection Analytics, working as part of the Picus Cyber-defense Validation Platform, reveals undetected malicious activities coupled with ready-to-apply Carbon Black detection rules.
- VMware Carbon Black EDR
- Picus Security Detection Analytics & Mitigation
The technology alliance between Picus Security & VMware Carbon Black helps pinpoint undetected malicious activities and provides policy and correlation rule updates specific to VMware Carbon Black EDR.
Picus & VMware Carbon Black Integration
The technology integration between Picus Security and Carbon Black aims at providing:
- proactive detection visibility to reveal security gaps,
- guidance on which existing rules should be activated,
- detection rule content specifically developed for Carbon Black EDR.
Based on the threat emulation results stored in Picus Manager, Picus Detection Analytics reveals any detection gap that may exist on Carbon Black EDR in relation to the Picus attacks. To empower EDR admins and engineers to address these gaps immediately, Picus Detection Analytics shows the Carbon Black detection rules, or “watchlists” as Carbon Black names them, that already exist but are not activated. If there is no built-in watchlist against a malicious technique, EDR admins can instead use the watchlists developed by the security experts in Picus Labs’ Blue Team. These rules are provided in the Picus UI, and they are continually developed as new threats are added to the Picus Threat Library.
Picus Labs applies rigorous testing processes before adding watchlists to the Picus platform in order to avoid false positives. The Picus UI helps users easily associate gaps with false-positive-free rules, alleviating alert fatigue and the overwhelming burden of detection rule creation. This innovative approach and integration help users make the most of their advanced Carbon Black EDR investments and pre-emptively mitigate cyber risk.
*Threat alarm created by a Picus rule*
Picus Detection Analytics delivers the peace of mind SOC teams need by:
- validating that logging mechanisms work consistently across the whole network,
- revealing the detection capabilities and configuration problems of the security stack,
- assessing and enhancing the alerting capabilities of EDR platforms,
- decreasing the dwell time,
- making residual risk visible to all stakeholders,
- making evidence-based decision making possible,
- increasing the detection capabilities of security controls by instrumenting the Picus Mitigation Library, and operating around the clock.