Bit9 Merges With Carbon Black For Incident Response


Bit9 is merging with security startup Carbon Black in a move to add incident response capabilities to its endpoint security platform.  

Terms of the merger were not disclosed, but Bit9 said the combined companies would retain the Bit9 name. The company also said it raised $38.3 million to build out a combined suite to detect and remediate endpoint threats.

San Antonio-based Carbon Black was founded in 2011 and uses lightweight sensors to monitor endpoint devices for code execution, file or registry modifications, and new network connections. The goal of the platform is to continuously record endpoint activity to pinpoint malware and the vulnerabilities being exploited. The company's platform combines threat intelligence feeds with the sensor data to detect malware.

Waltham, Mass.-based Bit9's roots are as a pure whitelisting vendor, only allowing approved applications to execute on endpoint devices. Industry analysts told CRN that the company has gone beyond traditional whitelisting by monitoring systems for memory violations, process behavior, registry settings, attached USB devices, file changes and other suspicious activity. Bit9's technology can be customized to tightly restrict devices on the network or, more loosely, to alert on threats, and it closely integrates with file analysis technologies from FireEye, Palo Alto Networks and others.

The goal of a combined suite is to not only monitor and detect suspicious activity that might signify a threat on the endpoint, but also to leave a trail so incident responders can remediate vulnerabilities and reduce the attack surface, said Patrick Morley, Bit9 president and CEO.

"Because Carbon Black’s lightweight endpoint sensor can be rapidly deployed with no configuration, organizations can now have continuous surveillance of all of their computers. And they can stop advanced threats by using Bit9’s signatureless prevention technology, which can be customized to meet the needs of different users and systems," Morley said in a statement.

Bit9 suffered a serious data security breach last year that resulted in the leak of intellectual property at the core of its security software. The attackers stole code-signing certificates and were able to successfully infiltrate several Bit9 customers. The company later acknowledged that its IT team had failed to install its software on several endpoint systems, giving attackers a way to gain initial access to the company's network. Bit9 chief security officer Nick Levay recently told CRN that he has been leading a project to bolster system integrity and security processes.

Bit9 maintains a channel partner program, focusing its efforts on large systems integrators and some regional solution providers. 

While the security industry's focus in the past year or so has been on networking security technologies, solution providers tell CRN that endpoint security is still a key requirement at organizations. Enterprises are focusing more on data protection rather than protecting the endpoint device itself, said Joe Luciano, CEO of King of Prussia, Pa.-based AccessIT Group.

"We don't look at it in terms of devices, we look at it in terms of the data, where it rests and where it is going," Luciano said. "Whether you tackle these issues from the endpoint or network side, eventually it's going to come down to protecting the data at rest or in motion."

Bit9 said its additional funding was led by an existing Bit9 investor and included all other current Bit9 investors -- 406 Ventures, Highland Capital Partners, Kleiner Perkins Caufield & Byers and Sequoia Capital. The company also received a direct investment from Blackstone, an investor in Carbon Black. With this round, Bit9 has raised a total of $120 million.

PUBLISHED FEB. 13, 2014