
Operationalizing Carbon Black Response: 5 Success Stories

Carbon Black Response (CB Response) can be an extremely powerful tool, but most security teams lack the expertise and time required to manage it. Read the success stories of five security teams that partnered with Red Canary to turn CB Response into a mature detection and response capability.


Medical center

Challenge: Free up resources consumed with triage and investigation

A mid-sized medical center implemented CB Response to get better visibility into its endpoints and defend against evolving threats. But the security team found that managing CB Response alongside all its other daily operational tasks was extremely difficult. Inundated with 100,000+ alerts and binaries that needed to be investigated, the in-house security analyst could devote time to only a limited number of them, leaving uncertainty about what attacks might have been missed.


Solution

Partnering with Red Canary enabled the medical center’s security team to stop chasing alerts and focus on other parts of the security program. The organization trusts Red Canary to thoroughly analyze its environment and pinpoint the threats that require immediate action.

Key benefits

  • 100+ hours of in-house security analyst time saved per month
  • Faster threat detection and remediation
  • Continuous threat hunting and expert investigation of every potential threat

Manufacturer

Challenge: Gain immediate EDR capabilities

An industrial manufacturer needed visibility into its endpoints to safeguard valuable intellectual property (IP). The small security team wanted to deploy CB Response, but they knew they wouldn’t be able to manage the high volume of data and alerts the tool would generate. With only two employees running both information security and IT services for thousands of endpoints, they needed someone dedicated to managing the tool in order to make the implementation effective.


Solution

Red Canary delivered the organization a fully operational EDR deployment on day one. The Red Canary Cyber Incident Response Team (CIRT) continuously monitors endpoint activity, investigating all potential threats and providing detailed reporting on any confirmed malicious activity.

Key benefits

  • Fully operational endpoint detection and response (EDR) on day one
  • Quick detection and investigation of each threat
  • Deep visibility and effective tools to limit dwell time and remediate threats

Technology company

Challenge: Enlist a team of highly focused experts

A rapidly growing technology company regularly faced advanced attacks and needed to safeguard valuable intellectual property (IP) against threats that slipped past antivirus. The infrastructure security team knew that CB Response would add a critical layer of protection—but it would also require a high level of technical expertise. They’d need to analyze all the data, write rules and logic, and investigate alerts. The team leader realized this would require either heavy automation and additional staff, or a very technical managed services provider.


Solution

With Red Canary, the company gained a high level of technical expertise across multiple disciplines: analysis, threat research, incident response, forensics, and engineering. Red Canary quickly detects, investigates, and validates each threat, and the company’s internal security team has the deep visibility and effective tools to limit dwell time and remediate threats.

Key benefits

  • 24/7/365 access to expert security analysts who investigate threats and eliminate false positives
  • Visibility into endpoint activity without the burden of sifting through mountains of data
  • Confidence that endpoints and intellectual property are protected against advanced threats and zero-day attacks

Investment firm

Challenge: Cut detection and response time

A private investment firm rolled out a managed Carbon Black solution through its existing MSSP, but discovered that threats often lingered in their network for days or weeks at a time. The director was convinced that CB Response was the best EDR sensor due to its depth of visibility into endpoint activity and robust forensics capabilities. However, the managed EDR service offered through the firm’s MSSP was not effective.


Solution

The director knew that Red Canary had a strong partnership with Carbon Black and deep expertise in managed endpoint detection and response. After deploying Red Canary, the firm saw an immediate improvement in detection efficiency and response times. Whereas it previously took days or weeks to detect a threat, Red Canary enabled the team to control the situation within minutes or hours, regardless of the endpoint’s global location.

Key benefits

  • Reduction in mean time to respond (MTTR), typically from hours to minutes
  • Elimination of false positives with confirmed threat notification
  • Seamless integration into existing systems and workflows

Bank

Challenge: Maximize the return on investment

A bank’s security team invested in application whitelisting and CB Response to secure its endpoints. The whitelisting solution succeeded in defending against the vast majority of attacks, but CB Response sat mostly idle. The team knew that to get the most value out of the product, they needed experts constantly watching endpoint activity and identifying threats slipping past other security controls. It was a team they did not have.


Solution

The team began looking for a partner to help them leverage the full power of their EDR investment. The bank’s internal red team tested Red Canary, and the solution detected each attack launched; the majority of those attacks did not use malware but instead abused native operating system tools such as PowerShell. Red Canary gives the bank the visibility and detection coverage they need, backed by a partnership they can count on.

Key benefits

  • Broader coverage with advanced detection technology
  • 24/7/365 access to a team of experts in endpoint activity, forensic investigations, and threat hunting
  • Confidence that advanced threats and zero-day attacks are not being missed