Problems it solves
Unauthorized access to corporate IT systems and data
Shortage of in-house IT resources
No centralized control over IT systems
Risk of data loss or damage
Risk of attacks by hackers
Non-compliant with IT security requirements
Values
Ensure Security and Business Continuity
Ensure Compliance
Manage Risks
Centralize management
About Product
Description
Threat Hunting & Incident Response for Hybrid Deployments
Enterprise security teams struggle to get their hands on the endpoint data they need to properly investigate and proactively hunt for abnormal behavior. Security and IT professionals lack the ability to see beyond suspicious activity and need a way to dive deeper into the data to make their own judgments.
Carbon Black EDR is an incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. Carbon Black EDR continuously records and stores comprehensive endpoint activity data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the VMware Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior.
Top SOC teams, IR firms and MSSPs have adopted Carbon Black EDR as a core component of their detection and response capability stack. Customers that augment or replace legacy antivirus solutions with Carbon Black EDR do so because those legacy solutions lack visibility and context, leaving customers blind to attacks. Carbon Black EDR is available via MSSP or directly via on-premises deployment, virtual private cloud or software as a service.
Key Capabilities
Continuous and Centralized Recording
Centralized access to continuously recorded endpoint data means that security professionals have the information they need to hunt threats in real time as well as conduct in-depth investigations after a breach has occurred.
Live Response for Remote Remediation
With Live Response, incident responders can create a secure connection to infected hosts to pull or push files, kill processes, perform memory dumps and quickly remediate from anywhere in the world.
Attack Chain Visualization and Search
Carbon Black EDR provides intuitive attack chain visualization to make identifying root cause fast and easy. Analysts can quickly jump through each stage of an attack to gain insight into the attacker’s behavior, close security gaps and learn from every new attack technique to avoid falling victim to the same attack twice.
Automation via Integrations and Open APIs
Carbon Black boasts a robust partner ecosystem and open platform that allows security teams to integrate products like Carbon Black EDR into their existing security stack.
BENEFITS
- Faster end-to-end response and remediation
- Accelerated IR and threat hunting with continuous endpoint visibility
- Rapid identification of attacker activities and root cause
- Secure remote access to infected endpoints for in-depth investigation
- Better protection from future attacks through automated hunting
- Unlimited retention and scale for the largest installations
- Reduced IT headaches from reimaging and helpdesk tickets
FEATURES
- Out-of-the-box and customizable behavioral detection
- Multiple, customizable threat intel feeds
- Automated watchlists capture queries
- Process and binary search of centralized data
- Interactive attack chain visualization
- Live Response for rapid remediation
- Open APIs and 120+ out-of-the-box integrations
- On-prem, virtual private cloud, SaaS, or MSSP
- Windows & Windows Server
- macOS
- Red Hat
- CentOS
- Oracle RHCK
- SuSE
- Clouds or On-Premise
User features
Roles of Interested Employees
Chief Executive Officer
Chief Information Officer
Chief Technical Officer
Chief IT Security Officer
Organizational Features
IT Security Department in company
GDPR Compliance
Own Data Center