Our joint customers also utilise the rich, bidirectional APIs available in Carbon Black such that SOAR playbooks can call upon our platform to automatically respond to attacks. It is common that these SOAR tasks (playbooks) pull the rich telemetry and system security state information available from the Carbon Black Cloud in order to improve the fidelity and speed of detections (of suspicious activity). Customers use the Phantom SOAR platform as a centralized means to drive automation of common and repetitive tasks, as well as to orchestrate the operation of such tasks across multiple, different security controls. The Splunk SIEM and the associated Splunk Phantom SOAR enjoy significant market share and are commonly used across Carbon Black’s own customer base. This strategy, which we term an “Open Ecosystem” approach, recognizes the not insignificant investments of time, effort, and financial commitment that customers have already sunk into the other security controls they trust to protect their environments and underpin their Security Operations Centers (SOC). Our strategy at Carbon Black is founded on recognizing and supporting the need for out-of-the-box integration with third-party security solutions. SIEM/SOAR is a foundational tool in the Security Operations Center, which, together with EDR, XDR, and other detective security controls, provides the means to rapidly detect and respond to threats. Carbon Black Cloud is often deployed in organisations which have a mature enough security operations stance that a SIEM/SOAR platform is also deployed.