Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Announcing General Availability of Cb Response 6.1

Announcing General Availability of Cb Response 6.1

Hello All,

Carbon Black is announcing General Availability of a new version of its market-leading incident response and threat-hunting solution, Cb Response 6.1. This release completely reinvents the back-end architecture and front-end UI of the product.

Cb Response now scales to the largest of enterprises, supporting 150,000 endpoints per cluster built on a new, innovative system architecture. Performance is markedly faster. Storage is also decoupled from processing. If you want to keep your data longer, just add disks, not servers. The improved scaling marks a 3X improvement over previous versions, something our team, our customers, and prospects around the world are very excited about.

On the front-end, the new UI streamlines workflows, improves ease of use and creates a better overall analyst experience.

The new release is available now. Please check for upgrade instructions.

***Update 5/25: Please check out the for known issues and knowledge base articles that have been generated since GA.  These docs will help out as you get started with 6.1. Thanks!

**Note: There are two scenarios under which we recommend that you delay upgrade.  See below for more details.

Product Updates

The following is an quick overview of the prominent features included in 6.1.

Dramatic Scalability Enhancements

  • 3x Increase in Endpoints per Server/Cluster
    • 18,750 EPs per Server
    • 150,000 EPs

Performance Improvements

  • Improved speed of search and analysis results
  • Quicker connections with Cb Live Response and endpoint isolation
  • Faster visibility into sensor data from your endpoints

Improved Console For Better Analyst Experience

  • New UI built around a new ‘Heads Up Display’:
    • Provides the most relevant information upon logging into the console
    • Customization allows you to focus on the information you care about 
  • Power Command Line Parsing:
    • Enhanced tagging of command line activity for faster searching of metadata
    • Construct detailed searches on cmdline that were not possible before.
  • New Process-Timeline View:
    • See spikes in specific activity-types to note anomalies for deeper investigation
    • Quickly pivot to a specific timeframe when correlating alerts from other systems
  • Simplified Querying
    • Visual query builder for easier search construction and search editing
    • Enhanced, customizable filtering
    • Saved Searches build a personalized repository of queries for instant recall
  • A dramatically enhanced Watchlists page
    • Improved metrics highlight hit-based performance for better Watchlist curation
    • Configure expiration of Watchlists based on performance
  • Check out this link for a Quick Tour of the Cb Response 6.1 UI


Deployment Details
The release is now available now on YUM.  Please check for details on how to install/upgrade and for new versions of product documentation.


***Important Notes:

  • If you are a Cb Response Unified View user, we recommend that you delay upgrade to 6.1.  The 5.x version of Unified View is not compatible with 6.1. We are working to have a 6.1 version of Unified View available soon. We will announce availability via a post to the User Exchange (targeting Mid June).
  • If you are a user of our APIs, there are some changes that may affect you.  We have updated the 6.1 API documentation and recommend you review the content at this link https://developer.carbonblack.com/reference/enterprise-response/ to ensure your API scripts will function as expected before upgrading.

As with all endpoint deployments, we highly recommend a phased roll-out approach in line with your organization’s software deployment best practices.

If you have any questions or concerns, please contact Cb Technical Support.

Happy hunting!

The Cb Response Team

Comments

This is great news and we're really excited about the release.  We looked through the release notes and didn't see specifics around the Live Response and Isolation improvements.

Can you elaborate on the following please?

  • Quicker connections with Cb Live Response and endpoint isolation
  • Faster visibility into sensor data from your endpoints

Thanks!

Quick question.  If upgrading the CB server, would older versions of the sensor still be compatible if we didn't deploy them right away?  Would there be any performance issues in using slightly older sensors?

Hi there,

Yes, 5.x sensors will be compatible with the 6.1 server.  You will not see the full performance benefits without upgrading your sensors.  I quote 3x in the post, with older sensors you'll be seeing somewhere in the 2x range.

Let me know if you have any add'l questions.

Thanks,

Justin

Hi Chris,

In 6.1, we made significant improvements in the sensor check-in and data ingest pipelines.  This work resulted in communications coming to/from the sensors more often and more reliably. This has two benefits:

1) Because sensors are checking more frequently and on a more predictable cadence, isolation and CBLR will be more responsive (since these features rely on check in to take any action)

2) The new data ingest model means that (in a vast majority of cases) when data arrives at the server it is ingested and made searchable significantly faster than in 5.2.x.

Let me know if you'd like to discuss further. Appreciate the question!

-Justin

Technical Product Manager - Cb Response

The delivery schedule for Unified View has been adjusted to August. This is partly due to the overall effort and partly to accommodate a few very important changes to how we package and deliver Unified View.

Any updates on the release of the new version of Unified View?

Due to a number of factors we are adjusting the schedule for release of Unified View 6.1. The new schedule is as follows:

September - Controlled Distribution (production ready)

October - GA

If you would like access to the Controlled Distribution, please email amcadams@carbonblack.com.

We apologize for this delay and appreciate your patience. If you would like to discuss further, please feel free to reach out to me directly mbilancieri@carbonblack.com.

Regards,

Michael

Article Information
Author:
Creation Date:
‎05-03-2017
Views:
7318