
VMware Carbon Black Use-Case



Next-Generation Antivirus

Stops Known and Unknown Attacks

NGAV is designed to replace traditional AV, stopping the full spectrum of modern cyberattacks and providing the detection and response capabilities needed to address every threat. NGAV uses a fundamentally different approach to detect and block malicious activity, taking a complete system-centric view of endpoint security rather than simply focusing on point-in-time malware threats.

How Does Carbon Black Help?

CB Defense - Replace Traditional AV With Next-Generation Antivirus



Enterprise AV Replacement

Assess Your NGAV Readiness

To stop attacks in progress, enterprises need to invest in emerging endpoint security platforms like next-generation antivirus (NGAV) that incorporate endpoint detection and response (EDR). However, they must ensure the platform is enterprise-ready, able to withstand the scalability demands and administrative requirements inherent to large organizations.

This whitepaper helps enterprises guide their upcoming discussions about NGAV + EDR solutions.

Prevent Attacks and Stop Breaches

Due to the increased opportunity for financial gain, cyber criminals invest significant time and resources into creating advanced attacks to target enterprises.

Fastest Investigation & Response

During a response scenario, every minute counts. The longer it takes to address an issue, the more risk your business faces.

Easy Operation at Enterprise Scale

Enterprises face a shortage of skilled security professionals, and security teams spend too much time gathering the information they need, limiting the time available to perform true security analysis.

Intelligence and automation in CB Defense optimize your entire security team



Ransomware Protection

CB Defense Earns Perfect Score on Comprehensive Ransomware Test

CB Defense participated in a broad-based test conducted by independent security firm MRG Effitas against a comprehensive set of fresh and prevalent commodity, master-boot infector, file-less and other types of samples from 42 crypto-ransomware families collected in the wild. CB Defense stopped every sample. Read the report for complete methodology and detailed results.

Ransomware Roundup

Today's ransomware is innovating at a rapid pace. Going beyond simple file encryption, ransomware increasingly leverages unknown variants and file-less techniques. Learn more about these new techniques and how Carbon Black stops them.

How Does Carbon Black Help?

Ransomware Epidemic: Stop Bad Rabbit In Its Tracks

Ransomware isn’t new. In fact, it’s 30 years old. What IS new is ransomware’s sudden rise as a favored attack by cyber criminals. Like WannaCry and NotPetya before it, Bad Rabbit is yet another example of an aggressive sample of ransomware that has made a huge impact on the security world in a short time.

Be prepared for the next ransomware outbreak

The recent Petya/NotPetya and WannaCry outbreaks have made one thing perfectly clear: ransomware can bring an organization to its knees. Innovation across all aspects of ransomware has allowed these attacks to infect hundreds of thousands of machines in a matter of hours.

CB Defense - Prevent All Types of Ransomware on All Endpoints

CB Protection - Strongest Ransomware Protection for Servers & Critical Systems



Securing Key Virtualized Infrastructure

Traditional Security is Failing to Protect the Datacenter

As applications have become more distributed and more dynamic, they have become more difficult to secure. Traditional security is failing to protect virtualized infrastructure for several reasons:

Securing the Virtual Data Center

The data center contains the most sensitive data an organization has, but traditional security solutions do not provide the protection that sensitive data requires. Creating additional challenges, SecOps and Infrastructure teams struggle to find the balance between security and performance. Organizations need a solution that protects applications and the sensitive data they store, while being optimized for the dynamic nature of the virtualized data center.

What You Should Know about Securing Your Virtualized Infrastructure

Applications in the software-defined data center are becoming more distributed and dynamic than ever. VMware and Carbon Black's combined solution pioneers a new approach to endpoint security for your virtualized environment where traditional AV has generally failed to keep pace.

  1. Application-centric security management makes it easier to secure critical business data and establish baseline intended state behavior
  2. Reduce business impact by providing IT and Security teams with shared visibility into the application context and criticality of individual VMs
  3. Leverage the hypervisor to secure data center applications and remediate threats with precision to maintain business continuity
  4. Protect against lateral movement and datacenter-focused attacks by taking a layered security approach, increasing visibility at all levels, and implementing endpoint protection that actively disrupts attacker behavior
  5. Significantly strengthen your security posture by supporting alignment between IT and Security teams through shared visibility into the environment

How Carbon Black Helps

Carbon Black offers a purpose-built security solution for protecting applications deployed in the virtualized data center. Jointly architected with VMware, the solution seamlessly integrates with VMware AppDefense and provides:

  1. Streaming prevention that can stop malware and non-malware attacks
  2. Live Response that allows administrators to open a secure remote shell into any protected server to perform full investigations and remediations in minutes
  3. Complete visibility into blocked and detected attacks to show what happened, where it came from, and which machines were affected
  4. Complete detection and response capabilities in a single agent and console
  5. A lightweight agent that does not impact end user performance

All these services are delivered through the CB Predictive Security Cloud, the endpoint protection platform that consolidates security in the cloud using a single console and lightweight agent that has little impact on end users.

CB Defense for VMware - Advanced Threat Detection and Prevention



Malware & Non-Malware Protection

Stop Non-Malware Attacks

Stopping a non-malware attack requires a different approach than traditional methods that stop malicious files at a single point in time. Since non-malware attacks leverage a series of known, allowed applications and processes, the entire event sequence must be analyzed to uncover the threat.

How Does Carbon Black Help?

CB Defense - Replace Traditional AV to Stop Malware & Non-Malware Attacks

CB Protection - Advanced Protection for Servers & Critical Systems



Risk & Compliance

New regulations have forced organizations around the globe to rethink data privacy and protection.

To meet the new standards, visibility into all endpoint activity is essential to get critical information that will reduce risk, lower liability, and prove security control assurance across the cybersecurity kill chain.

How Does Carbon Black Help?

CB Defense - PCI & HIPAA Compliant AV Replacement

CB LiveOps - Inspect Every Endpoint On Demand to Track & Prove Compliance

CB Protection - Lock Down Compliance-Mandated Servers & Critical Systems



Threat Hunting

Attackers are Getting Smarter

In today’s world, it’s no longer a matter of if you’ll face a cyberattack, but when. To prevent this, threat hunting has emerged as an essential process for organizations to preempt destructive attacks.

The people defending your organization are your best chance at staying a step ahead of your adversaries. While it may seem aggressive to work on the “assumption of breach,” the reality is that attackers may be inside a network for days, weeks and even months on end, preparing and executing attacks, without any automated defense detecting their presence. Threat hunting stops these attacks by seeking out covert indicators of compromise (IOCs) so attacks can be mitigated before the adversary can achieve their objectives.

Join a Live Demo of CB ThreatHunter on the VMware Carbon Black Cloud™

Join us the third Wednesday of each month at 1:00 PM EST (10:00 AM PST) for our 45-minute PSC live demo to learn how to:

Threat Hunting Basics

SOC and IR teams need a way to dive deeper into the data to make their own judgments.

Threat hunting reduces the cost of a breach. In the event that you do need to respond to an incident, the fact that you’ve been threat hunting — and have already collected and centralized all the endpoint data in your environment — will significantly reduce the time and money you spend responding and remediating. The average total cost of a breach is $3.86 million, and breaches that take over 30 days to contain can cost companies an extra $1 million.

Threat hunting allows you to find gaps and fine tune your environment. 91% of organizations reported improvements in speed and accuracy of response as a direct result of their threat hunting practices.

Advanced Threat Hunting

Threat Hunting Requires the Right Data

77% of respondents to a recent SANS Survey said that endpoint data was critical for conducting proactive threat hunts. If you are only deploying scan-based technologies on the endpoint, or rely on a tool that filters out information not known to be malicious yet, you are leaving gaps in your data collection coverage, and losing the full context of any attack. When preparing to hunt for threats, ensuring that your endpoint security tools can continuously collect all the critical data necessary to conduct immediate and conclusive threat discovery is indispensable.

Combing through logs and SIEM data for indicators of compromise (IOCs) can be tedious, time consuming and expensive. By proactively capturing and storing all unfiltered endpoint activity, whether known to be bad or not, enterprises can instantly leverage a comprehensive historical record of their environment for effective threat hunting.

How Can Carbon Black Help?

Carbon Black offers threat hunting capabilities through the VMware Carbon Black Cloud, the endpoint protection platform that consolidates security in the cloud using a single console and lightweight agent that has little impact on end users. The PSC delivers scalable hunting; this sophisticated detection combines custom and cloud-native threat intel, automated watchlists, and integrations with the rest of your security stack to efficiently scale your hunt across the enterprise.

Threat Hunting Tools

Whether you are investigating past activities or searching in real time, Carbon Black provides the tools you need to hunt threats across your enterprise.

CB ThreatHunter - Detect & Respond to Advanced Attacks with Unfiltered Visibility in the Cloud

CB LiveOps - Ask Questions & Take Action in Real Time

CB Response - Detect & Respond to Advanced Attacks with Unfiltered Visibility in Specialized Environments and SOCs



Incident Response

Increase Visibility to Respond Faster

Incident response is about getting answers quickly. To start, you need the details of all endpoint activity available to you at all times. This allows your responders to visualize the attack, see it evolve, and determine the root cause of an infiltration and its intended targets. With complete visibility, you'll be able to quickly find conclusive answers to the questions you're asking.

How Does Carbon Black Help?

CB Defense - Comprehensive Visibility Integrated Into Cloud-Native NGAV

CB LiveOps - Get Visibility into the Current State of Every Endpoint

CB Response - Industry-Leading EDR for SOCs & Incident Response Teams



Locking Down Critical Systems

They Are 'Critical' for a Reason

Critical systems are increasingly targeted because they contain the most valuable information. These systems cannot afford a moment of unscheduled downtime or performance degradation as they are the lifeblood of the organization. Companies whose systems hold highly sensitive data must utilize a solution that can guarantee their data won’t be breached or stolen.

Reducing Risk

There are compensating controls that businesses can implement to help reduce the risk to their critical servers. Some of the key methods are virtualization and application control/whitelisting.

Virtualization
Hosting assets within a virtualized environment can provide a number of security benefits: increased control over critical assets, ease of re-imaging in the event of a compromise, and the ability to limit critical server exposure to an environment. If an asset becomes a target, it can be quickly isolated and re-initialized. But for critical servers running applications that require round-the-clock access, virtualization represents a possibility of increased administration and resources. It can also lead to failed compliance policies, because in-scope data must be controlled or cannot run within a virtual environment.

Application Control and Whitelisting
Application whitelisting is a security model focused on allowing known “good” applications to run rather than blocking known “bad.” By only allowing trusted software to run, application whitelisting will stop exploits and reduce the administration associated with system and application patching and updates. In “default-deny” mode, application whitelisting is a highly effective compensating control to meet regulatory compliance standards and harden out-of-date systems.

How Does Carbon Black Help?

CB Protection was the only solution to stop 100% of attacks in NSS Labs 2017 Advanced Endpoint Protection (AEP) test.

CB Defense - Lock Down Servers & Critical Systems



POS, Fixed Function & Industrial Control Systems

Block Attacks Against Industrial Systems

Protecting hardened and fixed-function devices like point-of-sale (POS) and industrial control systems is challenging; they use a wide variety of specialized operating systems and support specific, nonstandard applications and protocols. These devices require flexible policies, effective enforcement, and lightweight agents to stay protected without compromising usability or uptime.

How Does Carbon Black Help?

CB Defense - PCI-Compliant AV Replacement

CB Protection - PCI-Compliant Critical System Protection