Report states Cb Defense provides effective protection against malware and file-less attacks in the cloud
Carbon Black, the leader in next-generation endpoint security, today announced a new, independent report from analyst firm Ovum recognising Cb Defense, the company’s next-generation antivirus (NGAV) solution, as a compelling option for any Endpoint Protection Platform (EPP) project to replace legacy antivirus.
The report, ‘On the Radar: Carbon Black defends against malware and file-less attacks’, outlines how threat actors are increasingly moving to circumvent anti-malware systems by compromising legitimate on-device tools, resulting in a growing need for technology that can address malware, file-less attacks, and in-memory attacks. The report states: “Carbon Black’s Cb Defense addresses this requirement and is well positioned to grow its market share as a result.”
“Carbon Black makes no bones about the fact that it is seeking to replace both legacy incumbent products and the other next-generation newcomers in the world of EPP,” wrote Rik Turner, Principal Ovum Analyst. “Cb Defense uses a lightweight agent on the endpoint, requiring no more than 1 or 2 per cent of the power of the local processor to look at events, enforce prevention, and send data up to the system’s cloud-based brain. Static and dynamic analysis is performed on the endpoint and in the cloud. This stance differentiates Carbon Black from many of its competitors, which focus on static analysis.”
Cb Defense is a cloud-based NGAV solution for desktops, laptops, and servers that combines advanced prevention of malware and attacks with detection and response capabilities. The Ovum report recommends that enterprises put Cb Defense on their radar because, instead of relying on signatures, Carbon Black combines static and dynamic analysis to detect malicious code and attack streams.
The report describes Carbon Black’s approach “to file-less attacks, [which] relies on a continual risk profile assessment to determine whether a legitimate tool is being misused and, if necessary, block it. The system’s heavy lifting is all in the cloud, with a lightweight agent on the endpoint that looks at events and applies prevention.”
The report also highlighted:
- Cb Defense is an EPP that combines next-generation antivirus (NGAV) and endpoint detection and response (EDR) to detect, prevent, and respond to both malware and file-less attacks.
- For blocking attacks, Carbon Black has developed a breakthrough technology: streaming prevention. This approach leverages event-stream processing to update a risk profile upon which it makes security decisions.
- Streaming prevention addresses attacks that leverage native operating system tools, such as PowerShell and Windows Management Instrumentation (WMI), as well as malware-based attacks.
The report homes in on Carbon Black’s streaming prevention technology and how Cb Defense leverages it to address both malware and non-malware attacks. Streaming prevention is based on event-stream processing, a technology that underpins algorithmic day-trading and fraud detection.
It continuously updates a risk profile based on a steady stream of computer activity, and when attack patterns are detected, the attack is blocked.
This new report comes on the back of Cb Defense being recognised last month with an overall five-star rating by SC Media, the highest possible rating. Additionally, Cb Defense was recently named Best Advanced Persistent Threat (APT) Solution at the SC Magazine Awards Europe 2017 and won a 2017 Edison Award for innovation in cybersecurity.
Company profile: Carbon Black leads a new era of endpoint security by enabling organisations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and ...