Carbon Black Solutions

Maximize the value of your Carbon Black investment

Red Canary partners with Carbon Black to deliver superior endpoint detection and response to organizations of all sizes. Our team has managed hundreds of CB instances for years and we know the technology inside out. Take advantage of 24×7 advanced threat defense in minutes, with minimal overhead.

  • Full EDR for Windows, Linux, Mac
  • Multiple deployment options
  • Broadest remediation capabilities
  • Cloud-based infrastructure
  • Single agent for EDR and NGAV

Operational Considerations

  • Potential for high infrastructure overhead
  • Limited long-term data retention
  • Separate agent required for NGAV

Operational Considerations

  • Linux and Mac support still under development
  • Fewer automated remediation actions
  • Separate data store from CB Response

Red Canary Value

  • Full range of 24×7 services, from hosting to managed detection and response
  • Support for any deployment architecture
  • Long-term data retention
  • Automated Live Response actions
  • Open APIs to 3rd-party solutions

Red Canary Value

  • 24×7 detection and response from day one
  • Support for hybrid ThreatHunter/CB Response deployments
  • Consolidated with CB Response historical forensic data
  • Automated Live Response actions
  • Open APIs to 3rd-party solutions

High fidelity telemetry

We help you deploy, configure, and manage Carbon Black’s industry-leading endpoint sensors to collect, process, and retain high fidelity telemetry data.

Advanced threat detection

Once collected, we continuously analyze all telemetry to accurately identify and alert on malicious behavior and attacks throughout the threat lifecycle.

24/7 threat confirmation

The Red Canary Cyber Incident Response Team (CIRT) investigates every potential threat. When a threat is confirmed, the CIRT quickly assembles all relevant details about the attack so you can accurately remediate.

Incident response automation

You can quickly respond to confirmed threats via your own processes, ad hoc automated actions directly within the incident report, or fully automated remediation playbooks.

Implementing CB ThreatHunter

Security teams are increasingly adopting cloud-based solutions to simplify and streamline operations. That’s why Carbon Black ThreatHunter is an attractive option for organizations looking to migrate their threat protection to the cloud. But there are several operational considerations that may impact how and when you migrate an existing CB Response instance to ThreatHunter.

Red Canary can help you throughout planning, implementation, and ongoing operations to make your transition to ThreatHunter effective and efficient.

Consistent coverage

A common fear in migrating endpoint solutions is a drop in protection due to lack of feature parity. At some point during the migration there will be different sensors on different endpoints. Red Canary gives you peace of mind throughout the transition by monitoring all endpoints regardless of OS, endpoint type, or sensor deployed, with the same 24/7 expert detection and response.

Consolidated data retention

Maintaining data continuity is critical for many reasons, including historical forensics, compliance, and internal auditing. Red Canary consolidates all your endpoint telemetry, giving you access to both CB Response and ThreatHunter raw and normalized data in a single, centralized location. We make sure you won’t have to worry about split databases, lost data, or a lack of consistent historical context.

Cross-platform continuity

Another potential delay in your migration plan is the current lack of operating system support parity between CB Response and ThreatHunter. With Red Canary, you can migrate your Windows devices to ThreatHunter and keep your Linux and Mac devices on CB Response, without worrying about splitting resources between two deployments.

We’ll collect, aggregate, and analyze data from both, seamlessly delivering 24×7 threat detection and response throughout the transition, no matter how long it takes.

Migration that works for you

Migrating to new solutions includes considerations and dependencies unique to each organization. No matter what your timeline, Red Canary can help you safely and effectively migrate to ThreatHunter at your own speed. We’ll deliver security operations continuity throughout the entire process, minimizing service outages and ensuring that you have full access to all your relevant threat data at all times.


Deep expertise rooted in shared lineage

Red Canary and Carbon Black were both innovations started inside Kyrus Tech, a boutique cybersecurity defense contractor. Red Canary’s founders started working with Carbon Black on Day 1 to deliver expert incident response services. When the founding team realized CB Response collected all the necessary data for proactive threat detection and response, the idea for Red Canary was born. Red Canary began offering a custom-built detection and response solution to arm organizations of all sizes with the industry’s most advanced CB Response operation.

Stop chasing false positives

The Red Canary Cyber Incident Response Team (CIRT) investigates every potential threat, maintaining a dynamically updated library of automated playbooks and leveraging powerful incident response tools that allow analysts to get through 30 to 50 times more data. When a threat is confirmed, the CIRT quickly assembles all relevant details about the attack so you can accurately remediate.


Focus on real threats

CIRT detection engineers continually fine-tune the platform to deliver confirmed threat detection with 99.999% accuracy. Once a threat is confirmed, you can respond quickly following your own processes, initiate ad hoc automated actions directly from within the incident report, or execute fully automated remediation playbooks.


Extend your team

CIRT experts are also available for on-demand threat hunting, operating as an extension of your team to help you implement more proactive security measures. We map our detection directly to MITRE ATT&CK™ to speed communication of attacker tactics being used and ensure that you’re not only protected from individual threat vectors, but from the latest advanced threats and adversary techniques.


Comprehensive protection in minutes

Red Canary rapidly deploys best-in-class detection and response technology and services, enabling you to benefit from the speed and simplicity that come with cloud-based delivery.

If you already have Carbon Black, we seamlessly integrate with your existing deployment. Within minutes of starting with Red Canary, you are covered.