RSA Conference: Carbon Black to introduce Streaming Prevention

Carbon Black is introducing at RSA Conference 2017 next week a new way for its gear to detect attacks that don’t make their way into networks via viruses or malicious files that other endpoint security software can detect.

Called Streaming Prevention, the technology can find both malware and non-malware attacks by analyzing endpoint activities in the context of the sequences in which they unfold.

It does this by having endpoint agents tag events as they occur and stream them to Carbon Black’s analysis engine in the cloud. There the engine determines whether each event falls in a sequence of events that add up to an attack, and tells the endpoint to block activity that is deemed malicious.

Streaming Prevention is part of the next scheduled upgrade to the company’s CB Defense endpoint-protection platform and will be available in April. Endpoint security is a major topic at RSA due to the prevalence of attacks that focus on these devices.

The cloud analytics are based on continuous analysis of data sent from the tens of millions of endpoints under Carbon Black’s protection. From that data Carbon Black generates statistical models that decide whether seemingly innocent endpoint activity is actually malicious.

Analysts comb through the data to find attacks the analytics engine missed and figure out why. They tweak the algorithms that sort through live streaming data from customer endpoints so they won’t miss the same attack the next time.

Non-malware attacks use legitimate tools such as PowerShell, Remote Desktop and Flash to mask malicious activity. It’s perfectly normal for Remote Desktop to connect to other devices, but in combination with other events, that Remote Desktop activity could be part of an attempt to move laterally within a network, for example.

The context of these tagged events is what makes it possible to find the bad behavior.

This is different from detection that is based on a single indicator such as a malicious file that has a known signature or reputation. That type of detection does pick up on the bad files, but won’t recognize when PowerShell is up to something bad.
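To make the contrast concrete, here is a small added example (not Carbon Black's code) of the two detection styles the article describes: a signature check that only knows bad file names, and a per-host sequence matcher that flags an ordered chain of individually benign events inside a time window. The event stream, the rule and the blocklist are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample stream of tagged endpoint events (not real telemetry):
# (host, timestamp in seconds, event type, detail)
EVENTS = [
    ("ws-01", 100, "process", "winword.exe"),
    ("ws-01", 105, "process", "powershell.exe"),
    ("ws-01", 140, "netconn", "ws-07:3389"),        # RDP to another host
    ("ws-02", 200, "process", "mstsc.exe"),          # admin opens RDP client
    ("ws-02", 210, "netconn", "fileserver:3389"),    # normal on its own
    ("ws-03", 300, "process", "powershell.exe"),     # normal on its own
]

# Per-step predicates; each event matched alone is ordinary activity.
def is_office(e):     return e[2] == "process" and e[3] in ("winword.exe", "excel.exe")
def is_powershell(e): return e[2] == "process" and e[3].startswith("powershell")
def is_rdp(e):        return e[2] == "netconn" and e[3].endswith(":3389")

# Hypothetical rule in the spirit of the article's example: an Office process,
# then PowerShell, then an outbound RDP connection, all on one host within 120 s.
RULE = {"name": "office->powershell->rdp",
        "steps": [is_office, is_powershell, is_rdp], "window": 120}

def single_indicator_hits(events, blocklist=frozenset({"known_bad.exe"})):
    """Signature-style detection: flags only names on a (constructed) blocklist."""
    return [e for e in events if e[3] in blocklist]

def sequence_hits(events, rule):
    """Context-based detection: track each host's progress through the rule's
    ordered steps and report when the final step lands inside the time window."""
    state = defaultdict(lambda: {"idx": 0, "start": None})
    hits = []
    for e in sorted(events, key=lambda ev: ev[1]):
        host, ts = e[0], e[1]
        st = state[host]
        # Window expired since the first matched step: start over for this host.
        if st["start"] is not None and ts - st["start"] > rule["window"]:
            st["idx"], st["start"] = 0, None
        if rule["steps"][st["idx"]](e):
            if st["idx"] == 0:
                st["start"] = ts
            st["idx"] += 1
            if st["idx"] == len(rule["steps"]):
                hits.append((host, st["start"], ts, rule["name"]))
                st["idx"], st["start"] = 0, None
    return hits

if __name__ == "__main__":
    print("single-indicator:", single_indicator_hits(EVENTS))  # [] - no known-bad file
    print("sequence:", sequence_hits(EVENTS, RULE))             # flags ws-01 only
```

The RDP connection from ws-02 and the PowerShell launch on ws-03 are not reported, because neither completes the sequence; only ws-01, where all three steps occur in order within the window, is flagged.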

Because the CB Defense cloud gives insight into tens of millions of endpoints, it reduces both false positives and false negatives, the company says. When the analytics in the cloud determine that an event, in the context of other events, means an attack, the cloud sends down a command to block it.

IDG Insider

