Carbon Black's purchase of Confer shows EDR is the winning approach to cyber security

I was happy to read today’s news about Carbon Black purchasing Confer. This acquisition, along with Cisco’s acquisition of CloudLock earlier this month, shows the strength of Boston’s cyber-security community. Massachusetts is clearly becoming the cyber-security capital of the U.S., and I am proud to have Cybereason’s headquarters in Boston.

The acquisition proves that the endpoint detection and response (EDR) market is maturing. A few years ago, antivirus software was seen as the most effective tool for keeping a company safe from attackers. But as we’ve seen with the rash of breaches in recent years, prevention is far from sufficient for keeping companies safe.

Now businesses as well as security vendors realize the importance of detection and response and realize the critical role endpoints play in delivering these capabilities. You’re seeing enterprises boost their endpoint security budgets to include EDR capabilities and vendors acquire endpoint companies in an effort to beef up their products and offer a more complete suite of prevention, detection and response solutions.

The Confer acquisition demonstrates the value of analytics. It shows that endpoint visibility is important, but only as a means to an end: acquiring data and applying analytics to spot bad activity.

This merger clearly establishes four players in the EDR market: Crowdstrike, Carbon Black, Cylance and Cybereason.

How do we win in this market? We are the only EDR player that does not look at one endpoint at a time and run analytics on the individual endpoint. While running analytics on an individual machine can effectively detect some types of malware, it has proven ineffective at spotting advanced hacker activities such as fileless malware attacks or detecting activity that involves a few machines, like lateral movement.

It is an exciting time to be in cyber security. The opportunities are huge, and we are finally changing the odds in favor of the defenders.

Lior Div is the CEO of Cybereason.

About the Author

Lior Div

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.