This week we’re happy to announce the rollout of the July ’17 update of Cb Defense.
Following the May ’17 release, we heard a tremendous amount of positive feedback on the new user interface and Attack Visualization within Cb Defense. In the July release, we have enhanced the user experience for the capabilities that were introduced in May, continued to evolve the prevention capabilities of Cb Defense, and made it easier for new users of Cb Defense to get the most out of the solution.
For all current customers, here are the most significant functional improvements that will be rolling out in the first half of July. For more detailed information about what’s included in this release, you can view the Release Notes or the updated Cb Defense User Guide.
Faster Triage and Remediation
A handful of improvements to the Attack Visualization make it simpler than ever to completely understand each alert, so users can take the proper actions to remediate, if necessary.
Following the May release, the most common suggestion from users was that the attack visualization should show where each attack was stopped. The attack visualization graph now uses icons to indicate where in the attack kill chain an operation was denied or terminated.
We have made a number of other enhancements to improve the usability of Cb Defense. These improvements help you better understand events within your environment and accelerate triage.
Page Header - Information at the very top of the Triage Alert page has been updated to align with the Threat Categories on the dashboard (Non-Malware, Potential Malware, Known Malware and PUPs).
Graph Legend - The legend for the attack visualization has been moved to the top of the graph to make it more accessible.
Selected Node - On the attack visualization graph, the selected node will now be highlighted to make it easier to see which process you’re viewing information about.
Take Action - The Take Action button has also been further emphasized to make it easier to find your best options for responding to an attack.
Improved Non-Malware Prevention
The July release includes a new policy rule for attacks that involve command interpreters, a commonly used tactic in document-based attacks.
For example, an attacker may attempt to launch a command interpreter from a Microsoft Office application as their primary way of controlling the endpoint. Cb Defense now allows these detected events to be used in policies to automatically deny the operation or terminate the process.
Supported command interpreters for this policy rule include:
sh, bash, csh, zsh, tcsh, Python (macOS)
Microsoft Windows Security Center Compatibility
Cb Defense now features integration with Windows Security Center and is officially a Microsoft certified antivirus solution. This integration allows users and administrators to select Cb Defense as the primary virus protection solution in the Security and Maintenance screen on Windows machines.
At its core, this release focuses on making it easier than ever to respond to events that occur within your environment and improving prevention against modern attacks. We look forward to hearing feedback on this release and continuing to move forward together.