In looking at the solutions available for threat protection (and detection), there are quite a few options out there. Some, like Damballa Failsafe, are network-based, vigilantly watching packets across the network and looking for indications of undesirable activities, behaviors, and content. Others are host-based, like Bit9 + Carbon Black, using an agent on the endpoint to persistently defend the endpoint as a beachhead against undesired, malicious processes trying to execute. Each has its use cases and strong points, but together they provide a significantly broader perspective and richer context for driving response.
While sitting on the network and inspecting packets allows for early detection and prevention, there are a number of use cases where the network solution will see the attack but needs visibility from the endpoint agent to gain more context about the situation. For example, Failsafe on the network may detect malicious network traffic, and being able to query an endpoint agent, like Carbon Black, allows the malicious network traffic to be correlated to the file and process that initiated it. Having defensive and forensic capabilities on the endpoint is a significant advantage. (See my guest blog on Information Security Buzz on this topic.)
There is a tremendous amount of information concerning activities in our IT environments. IT wants not only to know it all but also to be able to make sense of it quickly to improve prioritization (thus reducing risk faster) and reduce workforce impact (to maintain a more motivated and productive team). With greater penalties for failure and the workforce dynamics caused by the growing shortage of IT workers, both of these benefits are key to the business. The Bit9 + Carbon Black and Damballa integration partnership addresses these key needs and issues.
This sort of technology symbiosis occurs often within the tech industry with both acquisitions and partnerships. This is part of the tech lifecycle, so I expect to see further collaboration and consolidation in this area as the various smaller competitors, point solutions, and focused technologies that have limited breadth but significant domain depth move to not only survive but thrive in this burgeoning but competitive landscape.
To learn more about the Damballa / Bit9 + Carbon Black partnership, see their press release: https://www.bit9.com/company/news/press-releases/damballa-bit9-carbon-black-partner-deliver-integrated-network-endpoint-protection/