back to top

Trending Content:

What’s Residual Danger? Definition & Compliance | Cybersecurity

Residual threat is the risk or vulnerability that continues...

Getting Into the Vacation Spirit: Make Christmas Really feel Like Christmas Once more

Getting Into the Vacation Spirit: Revive the Magic...

Carbon Black vs Symantec Endpoint Safety | Cybersecurity

The data safety (infosec) house is for probably the most half divided into two camps:  established gamers utilizing a mix of outdated/new ways for combating cybercrime, and market entrants trying to rethink safety from the bottom up. Assault strategies are more and more subtle and require novel approaches for detection and remediation—since little or no is known concerning the subsequent era of threats, alternatives abound for each incumbent leaders and upstarts alike. And with focused assaults and superior persistent threats (APT) on the rise, newer gamers with progressive approaches to safety are seeing ample alternatives for supplanting longstanding market leaders and their ageing safety merchandise.

One such upstart—Carbon Black—takes a unique strategy to safety that makes use of signature-less risk prevention and software whitelisting. Let’s check out how the platform compares with safety veteran Symantec’s Endpoint Safety providing.

Bit9 + Carbon Black

Although based again in 2002, Bit9 got here into its personal in 2014 with the acquisition of Carbon Black. Bit9’s agent-based platform structure permits the enforcement of whitelist insurance policies on each endpoint, whereas Carbon Black allows endpoint file conduct monitoring and real-time risk detection via endpoint-installed sensors and information recorders. The merging of the 2 successfully combines Bit9’s signature-less, whitelist-based risk safety with Carbon Black’s steady monitoring and incident response capabilities. In 2016, the corporate was rebranded to Carbon Black.

Carbon Black’s trust-based safety mannequin revolves closely round its central whitelist database: a registry of trusted, recognized good software program and their classifications/rankings. These belief rankings are supplied by the Carbon Black Software program Fame Service—apparently the world’s largest hash database of software program. Moreover, the platform is augmented by the agency’s Risk Intelligence Cloud—a repository containing prolonged attributes for billions of software program executables, in addition to risk and belief rankings for revealed and rogue software program.

A distinction ought to be made between conventional safety strategies employed by customary IDS/IDPS options and whitelisting—the latter of which is employed by Carbon Black. Although each strategies use file hashes to trace file modifications, whitelisting by default assumes a “deny” posture, versus the default “allow” strategy utilized by most IDS/IDPS choices. In Carbon Black’s case, an software whitelist accommodates an inventory of recognized good functions and their file privileges. As a result of solely trusted software program is allowed to execute in a single’s IT setting, malicious packages are prevented from making any unauthorized modifications . That is particularly essential when coping with zero-day assaults that use malware unknown or unidentifiable by conventional safety instruments. With Carbon Black, maliciously altered recordsdata could be simply be prevented from execution by checking the appliance whitelist.

Symantec Endpoint Safety

A acknowledged title in IT safety, Symantec includes a full line of options for securing and managing info, identities, and infrastructures. Its personal reply to endpoint detection is named—appropriately sufficient—Symantec Endpoint Safety. The platform allows complete infrastructure safety via the next core parts:

Endpoint Safety Supervisor—a server that manages computer systems linked to a protected community.Endpoint Safety Supervisor Database—a datastore of safety insurance policies and eventsEndpoint Safety Shopper—endpoint software program that protects and scans machines for viruses and malware.

Much like Carbon Black, Symantec Endpoint Safety makes use of a trusted datastore for figuring out recordsdata to  be scanned—on this case, with information supplied by the Symantec International Intelligence Community (GIN). This community of tons of of hundreds of thousands of sensors feed information into an enormous repository of safety information gleaned from the monitoring, analyzing, and processing of greater than 10 trillion safety occasions per yr worldwide. In response to Symantec, this provides its platform vital velocity advantages by incorporating scan elimination—as an alternative of scanning each file, it eliminates and deduplicates pointless scan jobs for smarter and sooner operation.

Safety Rankings

Cybersecurity’s VendorRisk platform is utilized by tons of of corporations to routinely monitor their third-party distributors. We ran a fast floor scan on each Carbon Black and Symantec, and located them to have related scores:

Our fast evaluation confirmed that each corporations carry related dangers which embrace:

Primarily based on their rating, Carbon Black edged out Symantec. However each corporations have work to do in sustaining good safety hygiene and finest practices for themselves.

Allow us to routinely measure and monitor the safety of Carbon Black, Symantec and your different third-party distributors for you.

Get a demo of Cybersecurity VendorRisk as we speak. 

Abstract

Cyber threats are continually evolving and safety instruments should observe go well with. This cat-and-mouse recreation usually places many legacy distributors at a drawback, as they usually lack the agility to reinvent ageing safety fashions and architectures from the bottom up. That stated, newer safety corporations growing superior methodologies for risk safety are primarily constructing options which can be unproven towards future threats. Symantec Endpoint Safety and Carbon Black are consultant circumstances of every—apparently sufficient, each incorporate consolidated risk intelligence datastores as essential parts of their respective providing. And regardless of the obvious similarities, Symantec’s GIN is definitely fairly completely different than Carbon Black’s whitelisting mechanism. The latter makes use of a hash database of software program belief rankings— the Carbon Black Software program Fame Service—to find out which recordsdata to whitelist. The GIN datastore is used for fast identification of fine and dangerous actors to optimize file scanning effectivity.

Each approaches have their benefits and disadvantages. Symantec Endpoint Safety is complete however lacks integration capabilities with different safety instruments like an SIEM. And regardless of how expansive GIN’s intelligence gathering capabilities, the answer nonetheless depends on recognized risk information to drive its safety enforcement mannequin. Additionally, non-Home windows customers could also be out of luck with Symantec, because the Supervisor element requires a Home windows machine to run on.

Carbon Black’s whitelisting expertise appears promising, however wants additional refinement—a latest compromise resulted in malware being despatched to a number of of the corporate’s clients. And simply to be honest, Symantec’s providing has not been with out its personal vulnerabilities. Suffice to say, nobody answer can successfully defend a company’s infrastructure towards as we speak and tomorrow’s threats. A reliable safety technique ought to include best-of-breed instruments assembled in a steady safety toolchain, with monitoring layered throughout them —via deep protection, organizations can keep an optimum safety posture.

 
Carbon Black
Symantec Endpoint Safety

set up and setup

Single endpoint set up is easy

Helps WIndows, MacOS, Pink Hat Linux, and CentOS

Enterprise setting require skilled companies, which could be expensive

Installs as a regular Home windows software

Supervisor element solely works on Home windows platforms

Options

Constructed completely on open APIs and options straightforward integration with different instruments

Makes use of the Carbon Black Software program Fame Service— the world’s largest hash database of software program

Powered by the Symantec International Intelligence Community (GIN), an enormous information repository of risk intelligence collected from one of many largest assortment of sensors within the trade

Consists of a regular suite of safety instruments together with IDPS, firewall, and anti-virus/malware.

Pricing
$420/3-year license
$54/1-year license

Documentation & Assist
Accessible on web site
Accessible on web site. Group help is pretty intensive

Prepared to avoid wasting time and streamline your belief administration course of?

Carbon Black vs Symantec Endpoint Safety | Cybersecurity

Latest

Newsletter

Don't miss

22 Fashionable Cincinnati, OH Neighborhoods: The place to Reside in Cincinnati in 2025

“The Queen City,” Cincinnati, OH, is a vibrant metropolis...

Key Findings within the ASX 200: A Sneak Peek at Our In-Depth Report | Cybersecurity

In as we speak’s quickly evolving digital panorama, managing...

Constructing a Strong Vendor Danger Administration Dashboard | Cybersecurity

In at present’s interconnected enterprise panorama, outsourcing to third-party...

What’s Cyber Risk Intelligence? Preventing Cyber Crime with Information | Cybersecurity

Cyber risk intelligence (CTI) considers the total context of a cyber risk to tell the design of highly-targeted defensive actions. CTI combines a number...

The 6 Largest Cyber Threats for Monetary Providers in 2024 | Cybersecurity

In line with VMware, the primary half of 2020 noticed a 238% enhance in cyberattacks concentrating on monetary establishments. And based on IBM and...

What are the Greatest Cyber Threats in Healthcare? | Cybersecurity

The mix of poor cybersecurity practices, delicate information storage, and a desperation to protect enterprise continuity in any respect prices, makes the healthcare trade...

LEAVE A REPLY

Please enter your comment!
Please enter your name here