BlackBerry today announced the launch of BlackBerry® Optics 3.0, the company’s next generation endpoint detection and response (EDR) solution. BlackBerry Optics 3.0 will include a new “data lake” architecture that is cloud-native, with a new search engine, advanced query language, and flexible storage options. The creation of the new architecture is a key milestone in realizing the company’s extended detection and response (XDR) vision.
The new architecture makes BlackBerry® Optics cloud-enabled but not cloud-dependent. BlackBerry Optics threat detection and automated response capabilities remain on-device to mitigate attacks at the endpoint within milliseconds, while the cloud architecture gives BlackBerry Optics visibility across the entire organization.
Threat hunters use endpoint detection and response (EDR) technologies to continuously monitor, collect and analyze data from endpoint devices to help detect suspicious behavior, block malicious activity, and provide rule-based remediation guidance. A recent IDG survey reported that 82% of its respondents want EDR technology to support both traditional endpoint devices and mobile devices, which suggests that these organizations are seeking technologies that can consolidate and centrally manage endpoint and mobile device security in a unified manner.
Mitigating Incidents at the Endpoint
With BlackBerry Optics 3.0, event data collected from all endpoints will be sent to the centralized cloud-native architecture, allowing normalized data to be processed and analyzed easily. An immediate benefit is attack investigation: because the dataset resides in the cloud, threat hunters are able to collect and use a device's data even when the device is offline.
EDR is key to being able to quickly detect and mitigate threats to PCs, laptops and mobile devices, especially at a time when many attackers have begun leveraging legitimate admin tools and processes to carry out malicious activities. With BlackBerry Optics 3.0, users are able to automate responses within the endpoint and mitigate attacks within milliseconds, while the new search engine provides an unconstrained threat hunting experience.
BlackBerry’s AI-driven approach to EDR helps organizations reduce cyber risks by:
- Containing threats with automated responses. These include isolating devices, terminating processes, and taking other appropriate actions that prevent threat actors from hijacking credentials, escalating privileges, moving laterally across the network, or otherwise pursuing their objectives.
- Remediating threats by returning affected systems back to a previously pristine state. This includes eliminating all traces of the attack, along with its persistence mechanisms and forensic artifacts.
- Helping analysts identify the signals of an attack hidden within the massive amounts of historical endpoint telemetry data and metadata stored in the cloud. This includes every file created, every process started, every change to registry keys, every network connection, etc. BlackBerry Optics can accomplish this with automated detection rules driven by AI and contextual analysis.
- Streamlining the process of tracing attacks and identifying security gaps by providing analysts with immediate access to the contextualized data they need for efficient threat hunting and root cause analysis.
Key benefits of BlackBerry Optics 3.0 include:
- Cloud Enabled Architecture: Continuous monitoring and visibility spanning the entire organization, whether a device is online or offline.
- Intelligent Edge AI: Move beyond attack visibility to automated detection and response at machine speed.
- Deep Insight: Advanced search capabilities for improved threat hunting and flexible data retention options.
Prospect Capital Management has implemented BlackBerry Optics to ensure that its remote workforce retains uninterrupted access to the company’s IT systems and data.
“All of the products we evaluated had strengths. It came down to which one we thought would produce the least noise. We concluded that BlackBerry Optics had the most flexible detection and response framework, which would allow us to fine-tune its detection rules to minimize false positives,” said Steven Elliott, CISO at Prospect Capital Management.