Blog

September 10, 2020

Cyborg Security VMware Carbon Black EDR Threat Feed

Written by: cyborgsecurity

Cyborg Security has partnered with VMware Carbon Black to provide a new, advanced contextualized Threat Intelligence Feed. Together with Carbon Black, we offer a targeted, tailored, contextualized, and enriched Threat Feed concentrating on top commodity malware, the latest threats, and APT actors. Cyborg’s operationally focused feed allows analysts to classify, rank, prioritize and respond to threats faster based on the high-quality meta-data delivered with every indicator of compromise. Cyborg’s IOC’s are vetted, validated, and contextualized using MITRE ATT&CK, Kill Chain and Diamond Model taxonomies as well as other tagging including region, industry, actors, etc. This level of contextualization provides organizations and analysts with “to-the-point” information needed to respond effectively and efficiently. The Cyborg Security Threat Feed includes a comprehensive decay model based on the indicator type, ensuring that all ingest indicators of compromise are actionable and relevant. You won’t find a more comprehensive threat feed anywhere else. 

Our flagship offering, the Cyborg Security C.O.R.E. Portal, provides queries mapped to specific EDR technologies including VMware Carbon Black EDR. Accessing the threat hunting content within VMware Carbon Black’s EDR platform allows analyst to have the query available “in-tool” resulting in faster response and data pivoting. The contextualization of the use cases and content are available through the feed, however, there is also a link providing access back to C.O.R.E. allowing analysts to dive deeper into the enriched and contextualized information of the particular threat hunt query and its associated information that an analyst needs to make the right decisions for a response. 

Our advanced feed is available to all Cyborg Security customers using VMware Carbon Black and can also be purchased as an ad-hoc subscription service. The Cyborg-VMware Carbon Black feed is available in the VMware Carbon Black Cloud Enterprise EDR and the On-Premise VMware Carbon Black EDR platforms. 

Cyborg Security, combined with Carbon Black’s EDR platforms, extends Cyborg Security’s threat hunt and intelligence capabilities, and allows the contextualized intel and threat hunt queries to be ingested and run within the native VMware Carbon Black environment. Simplify your threat hunts and augment your analyst, become a Cyborg. Explore. Deploy. Hunt.

For more on threat intelligence, read Soupy’s blog, What the Heck is Threat Intelligence?

About the Author