Carbon Black looks to reshape anti-virus market with new Streaming Prevention technology

The new Streaming Prevention technology, which will be added to the existing Cb Defense endpoint product in the spring, is designed to stop non-malware as well as malware attacks.

Security vendor Carbon Black has announced its “Streaming Prevention” technology, which it says will reshape the endpoint anti-virus market through its ability to stop non-malware attacks as well as malware attacks. The technology will be incorporated in the company’s Cb Defense endpoint security product, and is scheduled for General Availability in the spring.

The Carbon Black technology has its origins in three separate companies, all united by a focus on detectability, visibility and response.

“Bit9 was formed in 2002, on the assumption that trying to figure out what was bad in endpoint security was harder than figuring out what was good, and were the pioneers of application whitelisting,” said Michael Viscuso, Carbon Black’s CTO. “By 2013, they found some very large customers like Google were using them for a visibility tool as well as whitelisting, and Bit9 started doubling down on the story of detectability and response – with visibility in the middle.”

Viscuso said that Bit9 was told to look at a startup, Carbon Black, of which he was one of the co-founders, because it had a strong and very complementary focus on visibility and response. The two companies came together in a 2014 merger, and the combined company was renamed Carbon Black in 2016.

The third element of the equation came last July when Carbon Black acquired cloud-based endpoint security company Confer.

“Confer was focused on providing a sleek interface for the midmarket, and put their intellectual property into their cloud building block, to create a cloud-based offering that was no more complex than traditional anti-virus, while being more effective.” The Cb Defense solution that is being enhanced with the Streaming Prevention technology was originally acquired with Confer, and has been available through Carbon Black since the acquisition.

Confer and Cb Defense are also important because they significantly broaden Carbon Black’s market, which was focused primarily on large enterprise and hyperscale players.

“We have 2500 customers now, and many of them were large organizations who had a lot of experts, who knew what they wanted, and just needed a tool to do a better job than traditional AV,” Viscuso said. “This lets us extend our TAM [Total Addressable Market] significantly, while giving us a product that will dramatically improve on the efficacy of current AV solutions. We consider this will now be appropriate for organizations with at least one dedicated security person.”

Viscuso said that Streaming Prevention is a breakthrough innovation because it can prevent, detect and respond to malware as well as to non-malware attacks, which gain control of computers without downloading malicious software.

“We found that 53 per cent of breaches don’t involve malware at all, but do things like leverage exploitable applications like Flash and native OS tools like PowerShell,” he stated. “Almost all our customers had a non-malware attack in 2016. Traditional AV, even with machine learning, still focuses on files and tries to figure out if they are malware or not, and doesn’t even see these other things. Streaming Prevention allows us to rise above the files and focus on the activity.”

Much like algorithmic day-trading applications, Streaming Prevention continuously updates a risk profile based on a steady stream of activity, to identify and block multiple, potentially malicious events which occur in succession.

Viscuso said that complementary security technologies still don’t do what Streaming Prevention does.

“SIEMs try to correlate the different events, but you can get alert fatigue from pulling stuff in,” he stated. “This is a purpose-built application that fits on the endpoint out of the box, and can prevent the attack from going further, not just tell you about it.”

Carbon Black sells mainly through the channel.

“It’s about 90 per cent channel today, and we would love it to be 100 per cent, but we have some legacy customers who won’t buy through the channel,” Viscuso said. “The channel loves us and has bought into Carbon Black as a brand because we give them a lot of access to the product. The channel is undergoing a revolution towards recurring services. The traditional VAR channel is broadening out significantly and offering managed security services, while MSPs are adding incident response services. All this is increasingly defining the trusted channel. For the partner, this keeps a close relationship with the customer in a higher touch model, while providing the right tools to offer their differentiated value.”

The Streaming Prevention technology addition to Cb Defense is available for testing now and is scheduled for GA in early spring.