Endpoint Security

VMware Carbon Black brings world-class security expertise to the world leader in endpoint management and virtualization for networking and infrastructure. The inclusion of Carbon Black in the VMware suite gives organizations the opportunity to apply Carbon Black technology to the fabric of the compute stack. By doing this, organizations can leverage the unlimited, on-demand scale of the VMware Carbon Black Cloud and modernize their endpoint and workload security stack by consolidating both technologies in a single lightweight agent.

Carbon Black

A cloud-native endpoint protection platform that combines the intelligent system hardening and behavioural prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console.

  • Superior Protection - using predictive modelling and streaming analytics to stay ahead of sophisticated threats.
  • Actionable Visibility - accelerating investigations, allowing professionals to respond confidently to threats using a comprehensive picture of past and present events.
  • Simplified Operations - consolidating multiple capabilities in the cloud using a single endpoint agent, console and dataset.
  • Platform Extensibility - leveraging pre-built integrations and open APIs to share data across the security stack and extract greater value.

Consolidated Endpoint Security, Simplified

At Carbon Black, we understand the current state of endpoint security and have built a solution that is uniquely positioned to meet today’s needs. The VMware Carbon Black Cloud is a cloud-native endpoint protection platform that combines the intelligent system hardening and behavioural prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. Instead of requiring a variety of products, each with its own setup, configurations and policies, this solution delivers multiple security capabilities through a common cloud-delivered platform that shares one sensor, one cloud console, and one dataset. As requirements change, adding new services is fast and easy, eliminating the need for additional CapEx investment or the need to deploy new agents.

The platform is built on a comprehensive endpoint dataset that can be used and shared across tools and services, whether provided by VMware Carbon Black or other vendors. This creates a single source of truth and adds context to security across the board. Additionally, this platform was constructed with the understanding that security needs grow and change as the threat landscape evolves.

Cloud-based solutions

NGAV + Behavioral EDR
VMware Carbon Black’s NGAV + Behavioral EDR solution uses machine learning and behavioural models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems. Carbon Black offers powerful, flexible prevention that is able to stop malware, ransomware and non-malware attacks. It prevents these attacks automatically, whether the endpoint is online or offline, from anywhere in the world, and is able to keep up with the ever-changing threat landscape to block emerging, never-before-seen attacks that other solutions may miss.

Carbon Black’s industry-leading detection and response capabilities reveal threat activity in real time so organizations can respond to any type of attack as soon as it’s identified. The root cause of an attack can be uncovered in minutes through visualizations that show every stage of the attack with easy-to-follow attack chain details. Endpoint Standard lets administrators immediately triage alerts by isolating endpoints, blacklisting applications or terminating processes. Professionals can secure shell into any endpoint on or off the network to perform full investigations and recommendations remotely.

Alert Monitoring and Triage
VMware Carbon Black’s managed alert monitoring and triage service provides customers with a world-class professional team of Carbon Black security experts who work side by side with organizations that need more resources to validate and prioritize alerts, uncover new threats and accelerate investigations.

Carbon Black’s US-based experts analyze, validate and prioritize alerts from Carbon Black, helping to ensure that companies don’t miss the threats that matter. The service provides additional, human-generated context to alerts, such as connecting alerts caused by the same root cause, to help streamline investigations and resolve security issues. Carbon Black threat experts proactively identify trends by monitoring threat activity across millions of endpoints, providing advice on widespread attacks and retroactively detecting and confirming emerging threats based on iterative discovery techniques. Monthly reports summarize alert data, turning a month’s worth of unfiltered data into actionable recommendations that help security professionals see the bigger picture and continually improve efficacy.

Enterprise EDR
VMware Carbon Black’s threat hunting and incident response solution delivers continuous visibility for top security operations centers and IR professionals. Investigations that typically take days or weeks can be completed in just hours. Carbon Black correlates and visualizes comprehensive information about endpoint events, giving IT and security professionals greater visibility into their environments. The solution’s sophisticated detection enables IOC monitoring with your choice of threat intel, including your own custom feeds. This solution extends the automated TTP recognition in Carbon Black’s NGAV and Behavioral EDR solution with deep investigation data and tools that help teams understand not only current attacks but also longer-term attack patterns. With threat hunting on the VMware Carbon Black Cloud, professionals have the power to respond and remediate in real time, stopping active attacks and repairing damage quickly.

Audit and Remediation
VMware Carbon Black’s real-time assessment and remediation solution enables Security and IT teams to assess and change system state to harden their environment against the most relevant threats. This allows teams to effortlessly benchmark their devices, workloads, and containers against industry standards or regulations from a single console to help minimize risk and simplify operational reporting across the entire fleet.

Carbon Black gives administrators visibility into the most precise details about the current state of all endpoints. It automates operational reporting on patch levels and assesses IT hygiene. When combined with Carbon Black’s threat hunting capabilities, live query and response provides an unprecedented level of visibility to speed investigation and threat hunting.

On-premises solutions

Lock down servers and critical systems
Carbon Black App Control is used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates. Leveraging cloud reputation services, IT-based trust policies and multiple sources of threat intelligence from the VMware Carbon Black Cloud, Carbon Black App Control ensures that only trusted and approved software is allowed to execute on an organization’s critical systems and endpoints.

Carbon Black App Control combines application control, file integrity monitoring, full-featured device control and memory/tamper protection into a single agent. Carbon Black App Control watches for behavioral indicators of malicious activity and conducts continuous recording of attack details to provide rich visibility into everything suspicious that attackers attempt to do. With the addition of the File Delete feature, Carbon Black App Control is now a direct control for requirement 5 of PCI DSS, enabling customers to remove traditional antivirus without undergoing the compensating control process.

Offline EDR
Carbon Black EDR is an incident response and threat hunting solution designed for SOC teams with offline environments or on-premises requirements. Carbon Black EDR continuously records and stores comprehensive endpoint activity data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the VMware Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior.

For more information, call our security consultants at +31 (0) 345 506 105 or send an email to info@isoc24.com