When protecting a network, each endpoint or device is a possible entry point for attacks. With more devices on the network than ever before – thanks to trends such as cloud computing, IoT, and BYOD – an organizations’ attack surface is bigger than ever, and the need for comprehensive threat detection and response is critical.
Awake tackles this issue by helping organizations capture and surface all activity that happens on their network, and mapping that activity back to devices and people, giving your security team a full picture of who is on the network and what they’re up to. This encompasses traffic from both managed devices (those that the organization is already aware of and monitoring) as well as unmanaged devices (those that employees or third-parties and outsiders bring into your network that are not under the security team’s direct purview).
For managed devices, however, organizations are often able to garner further context about the entity and its user, making it easier for organizations to detect, respond to, investigate, and hunt for threats. Carbon Black is one of the most popular endpoint security solutions taking this approach, offering a window into the managed devices on a network by placing a lightweight agent on each of the organizations’ endpoints. In doing this, Carbon Black collects comprehensive, unfiltered data tied to each endpoint’s activities and behavior, giving security teams deep insight that enables them to analyze and uncover all types of attacks.
The Power of Awake Security + Carbon Black
As we continue to focus on putting all relevant information at the analyst’s fingertips, we’ve partnered with Carbon Black to further enrich our EntityIQ™ device profiles. When a security analyst using Awake pulls up data for a device with a Carbon Black sensor installed, those details are automatically fetched and displayed seamlessly within the Awake platform. This includes information such as host name, operating system, and isolation status – all displayed within the Awake dashboard.
Furthermore, security teams can take actions right from within the Awake platform. A single click brings up EDR details in the Cb Response™ dashboard to give the analyst further context, while the drop-down menu in the Awake dashboard allows them to add or remove device isolation (quarantine) without ever leaving the Awake user interface.
Achieving Comprehensive Threat Detection and Response
Managed devices, like those monitored with Carbon Black, often make up a significant portion of the endpoints on any corporate network. However, there are also unmanaged devices that can pose an equal if not greater threat to network security. Coupling Awake’s solution with the data from Carbon Black gives security teams deeper visibility and more actionable data than ever before. They are also able to act on their conclusions, isolating compromised devices in a seamless and rapid fashion, and containing the impact of any possible breach. And perhaps just as importantly, integrations like these eliminate the possible errors when analysts are forced to swivel between tools – either with post-it notes or from memory.
As they say, you’re only as strong as your weakest link, and analysts can’t afford to have any blind spots.
For more information about our integration with Carbon Black, get in touch with the team at [email protected]. You can also find a full list of our technology alliance partners at https://awakesecurity.com/partners/.
By Colin Wahl