What is VMware Carbon Black EDR?

Carbon Black EDR is an incident response and threat capture solution designed for security operations center (SOC) teams that work in offline environments or have on-premises requirements.

Carbon Black EDR continuously captures and stores comprehensive endpoint activity data, so security professionals can detect threats in real time and visualize the complete attack kill chain. It fully leverages VMware Carbon Black Cloud threat intelligence, which is applied to the endpoint activity recording system to store detection evidence of identified threats as well as their behavior patterns. Security professionals and systems administrators need the ability to detect threats on all endpoints in their environment, regardless of operating system.

 

Nextgen antivirus

The core security component of Carbon Black is malware protection. VMware Carbon Black Cloud Endpoint Standard uses a class of antivirus known as NGAV (next-generation antivirus).

Carbon Black’s NGAV uses technology such as artificial intelligence (AI) to improve its ability to catch malware. This sets it apart from traditional antivirus software, which relies primarily on file-based malware signatures.

Today’s cybercriminals have evolved their attacks to include all types of malware techniques, not just file-based attacks. NGAV meets this challenge by combining artificial intelligence with behavioral analysis, threat intelligence, and predictive analytics to detect both known and unknown threats.

NGAV is a powerful approach because it detects advanced malware attacks, such as fileless threats and polymorphic threats. Carbon Black analyzes event streams across computer files, processes, and applications, as well as network connections. Together, these capabilities allow Carbon Black to recognize an attack as it unfolds, so it can block it as soon as it starts.

In tests conducted by the independent testing firm AV-Test Institute, Carbon Black blocked 100% of more than 13,000 malware samples.

Against 370 zero-day attacks, Carbon Black was able to stop 97.4%. These attacks are difficult to defend against, as they exploit software vulnerabilities to bypass security. It also performed very well on false positives: while competing solutions falsely identified an average of 27 legitimate applications as malware when evaluating more than a million samples, Carbon Black flagged just six.

Scalable Threat Hunting

VMware Carbon Black EDR gives teams the ability to never hunt the same threat twice by combining threat intelligence with custom, cloud-based, and automated watchlists.

Instant Response

VMware Carbon Black EDR offers the ability to respond and recover in real time.

Continuous and centralized event logging

Carbon Black EDR provides centralized access to continuously recorded endpoint data, which supplies the information needed to search for threats in real time. In-depth investigations can be conducted after a breach.

Instant Response and Remote Recovery

When dealing with incidents, responders can create a secure connection to infected hosts to pull or push files and kill processes. Rapid recovery is achieved from anywhere in the world.

Visualize and search the Attack Chain

Investigations that would normally take days or weeks can be completed in minutes. VMware Carbon Black EDR collects and visualizes comprehensive information about events on an endpoint. Carbon Black EDR provides a visual representation of the attack chain to quickly and easily identify the root cause. Analysts can quickly traverse each stage of an attack to gain insight into attacker behavior, close security gaps, and more.

Carbon Black presents the attack chain as a graphical representation. This interactive diagram allows you to click on any part of the attack chain to see details such as what actions it takes and which IP address it communicates with.

Automation through Integrations and Open APIs

VMware Carbon Black enables integration with your SOC through a robust ecosystem of partners and Open APIs.
