Winter is Coming: Will You Be Ready?

In IT security today, there are two deeply disturbing trends that when looked at together should strike fear in the heart of any CISO. For those who are fans of the HBO series, Game of Thrones: Winter is coming.

First, the world is seeing an increase in attacks (malware, DDOS, APT) of all types. For GOT fans, you can think of this army of hackers as white walkers and the tools they use as their ever-growing zombie army. At Carbon Black, we see 250,000 new malicious files every day and AVTest believes the total number of new malware samples this year has nearly eclipsed 20 million already for 2016.


Secondly, back up the wall at the Night’s Watch while the number of attacks is increasing, the skills gap for qualified security professionals only continues to rise. According to ISACA, today it takes the average organization over six months to fill security related positions and analyst firm Frost & Sullivan only sees the problem is going to get worse estimating a 1.5 million person job shortfall by 2019.


Phantom’s Erich Baumgartner posted a strong article on this issue of job shortages earlier in the year, but when you step back and think about the potential implications of these two trends on existing security teams you can’t help but be a bit terrified at the prospects for the future.

A growing number of smart, dedicated and targeted attackers attempting to exploit vulnerabilities in a rapidly expanding attack surface against a hugely understaffed IT security team, just like on TV, the odds of success are not good. In this environment, it should be no wonder that it takes the average organization nearly six months to discover a breach.

At Carbon Black, we’re on a mission to provide organizations with the best endpoint security possible. We believe the only way organizations can do this is by enabling people and technology to better work together. It’s why we support robust open APIs across our platform and continually push ourselves and our clients to see new use-cases and continue to deliver new capabilities through technology alliances.

With its potential to change the economics of security and serve as a force multiple to under-staffed security teams, we at Carbon Black believe strongly that organizations need to begin considering how to automate and orchestrate parts of their environments, today.

To help make this possible, we’ve partnered with leaders in the space like Phantom to make it easy to incorporate Carbon Black Enterprise Response’s continuous visibility, threat detection and remote incident response capabilities into the Phantom platform as part of a broader workflow.


The flexibility and broader vendor support of the Phantom platform opens up new doors for security teams. Above is an image outlining one example of how you could leverage Phantom and CbER to orchestrate a response to a malware compromised system.

As you can see above, the power from the Phantom platform comes from being able to tie in other security tools such as EDR, SIEM, sandboxes, and others to quickly respond to detection events, or other common security use-cases, in an orchestrated and automated manner.

With a growing threat and qualified employees in short supply, having an automation and orchestration platform working in conjunction with best-of-breed tools like Carbon Black can help pump up your IT defense at a critical time by squeezing more from less.

If you are interested in learning more about how Phantom and Carbon Black are partnering to simplify incident response and to see a demo in action, stop by the Carbon Black (S1535) or Phantom (S2621) booths at RSA next week.

Ian Lee
Product Marketing Manager
Carbon Black

About Carbon Black:
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals to shift the balance of power back to security teams. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.

About Phantom:
Phantom automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: