Now It’s Easier Than Ever to Visualize and Investigate Threats
Threat Tracer, a groundbreaking new feature of Carbon Black Cloud Enterprise EDR, maps connections and context that can lead to faster and more effective remediation
- Threat Tracer enhances threat investigations by revealing the broader web of relationships between entities—like devices, users, processes and files—beyond what traditional process trees uncover.
- Analysts can access dynamic, visual mapping of attack surfaces, revealing avenues for strategic remediation that avoids tipping off adversaries.
- Users gain interactive graphs that allow them to dynamically explore data points within their environment, helping analysts streamline triage, prioritize responses and uncover hidden threats with clarity and speed.
The jobs of security analysts and threat hunters are often stressful because, let’s be honest, they involve an enormous amount of responsibility. They not only must identify a threat and what may have led to it, but they also must understand its potential implications and possible routes for lateral movement. They need to see the potential blast radius of a threat.
Traditional process-based investigation tools look for causes of threats or attacks, but they usually end there. And while identifying the cause of an attack is critical, ending the investigation there leaves other vital context unexplored. And those unexplored connections to related devices, files, applications or processes could leave you vulnerable.
Fortunately, the task of understanding the full scope and scale of a threat just got a lot easier. Today, we’re introducing Threat Tracer, an exclusive new feature of Carbon Black Cloud Enterprise EDR that gathers virtually all the information available in your environment and allows analysts to map the relationships that exist between various entities associated with a threat. This results in your ability to understand the context around the threat, and to discover relationships a specific threat may have to entities that would never surface in a process-based investigation.
Relationships that other tools miss
Included with every Carbon Black Cloud Enterprise EDR subscription, Threat Tracer focuses not on hierarchical or causal views, but on relationships between entities, such as devices, processes, files, registry keys, users, hashes, IPs or domains. This powerful tool for visually analyzing threat data extends well beyond traditional causal process trees.
That relationship view, which graphically maps the threat or attack and all affected entities, allows teams to quickly assess the impact of a threat. By taking the larger view of the threat, analysts can consider extensive context before remediating, rather than remediating along the way and potentially alerting attackers. Visualizing the threat allows remediation teams to find leverage points they can exploit to stop or contain the attack without tipping off the attacker.
Seeing more, stopping more
Threat Tracer streamlines investigations by helping security teams dynamically explore incidents, thus enabling them to quickly identify and visualize the scope of a particular threat. Analysts can conduct precise, organization-wide investigations across all devices monitored by Carbon Black Cloud. Use cases include:
- Malicious IP. An analyst identifies a suspicious process and uses Threat Tracer to explore the associated file, parent process and impacted devices. Result: The analyst gains a visual overview of all devices running the malicious process, helping them prioritize remediation efforts and understand the scale of the threat.
- Unusual user access. An analyst identifies a user who logged onto a device they weren’t supposed to access or don’t usually access. Threat Tracer helps them explore all devices the user logged onto. Result: Security teams spot and block potentially problematic device access while gaining a visual sense of potentially suspicious user activity.
- Threat hunting. An analyst actively searches for abnormal patterns that might indicate emerging attacks. Result: The analyst can see and stop attacks before they do damage.
- Investigation and triage. An analyst sees the full context surrounding specific entities in an environment, which helps them determine the cause and effect of suspicious events while mapping out their impact on the environment.
Flexible, interactive–and essential
Threat Tracer entities that appear on a graph are live objects whose properties and associated data update whenever you click on an entity to view its details panel. The dynamic nature of these visualizations allows analysts to select relationships between entities for closer investigation, while a minimap feature offers a way to view the entire graph and zoom in for detailed exploration.
Carbon Black Cloud imposes no limit on the number of maps analysts can create. The solution also automatically groups entities that share similar relationships so analysts gain a clearer view of relationships across large datasets. Grouping reduces visual clutter and can make it easier to analyze trends without getting overwhelmed by individual data points.
Threat Tracer logs all work, which in turn creates a complete track record of actions. Analysts can annotate the log with in-line comments that help streamline collaboration, hand-offs and audits. Working from that consolidated record, analysts can remediate threats more efficiently and effectively. Threat Tracer also autosaves progress, allowing users to stop working and return later to where they left off.
These features are key, because Threat Tracer analyzes and maps all the data available in your Carbon Black Cloud console–and that’s a lot of data. Drilling down and zooming out makes explorations flexible; analysts can view a threat in the way that makes sense to them given the circumstance. Highly customizable, Threat Tracer works the way you want to work.
Lightening the load
A powerful tool for visualizing complex security data, Threat Tracer enables security teams to efficiently investigate and remediate potential threats. With its relationship-based view and intuitive exploration features, this exclusive capability helps you quickly identify attack patterns and respond more effectively to emerging threats.
Analysts have a huge responsibility on their shoulders. Threat Tracer is here to help ease that burden, while improving their ability to protect your environment.
For a close look at Threat Tracer, visit us at Black Hat 2025 at Booth 5045.
