Carbon Black Defense "Put To The Test" @ Satisnet
If you haven’t heard of Carbon Black Defense, it is a next-generation anti-virus solution for desktops, laptops, and servers that protects computers from the full spectrum of modern cyber-attacks, delivering the best endpoint protection with the least amount of work.
Using a combination of endpoint and cloud-based technologies, Cb Defense stops more attacks than other Next Generation Anti-Virus (NGAV) products. Its deep analytic approach inspects files and identifies malicious behaviour to block both malware and increasingly common malware-less attacks that exploit memory and scripting languages like PowerShell.
Here at Satisnet we really like to see how amazing these products are, and whether what is said can actually be done.
- Stops file-based attacks: malware and ransomware
- Stops next-gen attacks: memory-based, PowerShell, script-based, and obfuscated malware
- Provides visibility into blocked attacks to show what happened and what was impacted
- Best-in-class behavioural analytics reduces false positives compared to ML-only solutions
- Always have the answers you need and close security gaps that other solutions miss
- Utilise collaborative threat intelligence to automatically stop attacks others have seen
- Remove unwanted items
- Fast to deploy and easy to maintain
- No impact on end users or endpoint performance
- Windows: Windows XP SP3, Windows Vista, Windows 7/8/10
- Mac: OS X 10.6.8+
- Server: Windows 2003, Windows 2008, Windows 2012
Our Sandbox platform consists of around 12 machines running a range of operating systems, some patched, some with vulnerable applications and others that are common to businesses. With agents installed on all machines we have a platform for testing whether products really do live up to their name and what has been promised. By accessing the console on the cloud we can start the testing.
After setting up agents on each machine in the test environment, we gathered over 300 pieces of malware, ransomware, trojans and viruses. Each was downloaded to a machine, or opened via email or USB, and run.
Over the course of that day, more than 300 threats were identified and monitored. See below:
Cb Defense blocked all ransomware attempts (Locky, Crilock, Bucbi) by stopping the files from being executed, and the locally installed agent alerted on hundreds of different exploits.
- Adwind backdoor
- Fynloski backdoor
- Sality virus
- HTML/ExpKit.Gen2 malware
- Fareit virus
- VBInjector Trojan
- Spacfl Trojan
- Tepfer Trojan
- Donoff Trojan downloader
- And many more
The environment was secure against everything we threw at it, which is rare to see, especially from an antivirus.
Cb Defense will soon be changing the look and feel of its cloud console, which is already easy to use and navigate. It really does go nicely with the rest of the Carbon Black family.