Despite their efforts to prevent intrusions, enterprises can find themselves dealing with large-scale compromises. When the investigation reveals that numerous endpoints in the organizations are infected with malicious code, how can responders quickly contain and recover from such incidents?
Endpoint security solutions from Carbon Black and Minerva Labs work together to help responders handle such situations in a way that minimizes business disruption and risk.
Malware Containment at the Endpoint
In a scenario where malware found its way past preventative defenses and affected numerous endpoints, enterprises can rapidly deploy Minerva’s Anti-Ransomware Platform to automatically disrupt malicious code. Minerva’s technology causes evasive threats to terminate themselves or crash, allowing the system to continue performing critical business functions. This capability is especially useful when the company finds it impractical to quarantine the affected endpoints.
Once Minerva neutralized malware in this manner, the organization can use Carbon Black’s Cb Response and Cb Defense capabilities to continue investigating the incident, reliably assessing the nature of the attack and eradicating malicious presence from the environment. Minerva and Carbon Black’s solutions work together to allow the company to contain the incident in a highly precise and scalable manner in a high-stress environment of a large-scale compromise.
Recovering from Ransomware Attacks
In scenarios where the enterprise is battling a ransomware infection, the organization can use Carbon Black and Minerva’s solutions to recover from the incident. Minerva’s Anti-Evasion Platform is able to restore the documents that such malware attempted to destroy.
Carbon Black customers can easily interact with this feature by using Live Response functionality built into Cb Defense and Cb Predictive Cloud. Incident responders can click the Go Live button to bring up an interactive Carbo Black console for interacting with the affected endpoint to restore the destroyed documents. This is possible even if Carbon Black is enforcing a quarantine around the infected endpoint by isolating it from the organization’s network.
As shown in the screenshot below, Carbon Black and Minerva customers to easily use the Live Response console to direct Minerva to restore documents (in this example, the Minerva.jpg file). This way, end-users can quickly obtain the file without having to pay ransom. This is one of many ways in which Minerva aids incident responders and strengthens customers’ defense ecosystem that employs other security solutions.