VMware Carbon Black Cloud does the work of multiple endpoint security solutions using a single agent and a single console, which simplifies operation. The platform applies analytics and machine learning to endpoint and cloud telemetry to identify and reduce vulnerabilities and misconfigurations, making systems harder to compromise.

Running multiple security tools increases system complexity, leading to more misconfigurations and misalignments that create visibility gaps within a network and leave the door open to non-malware (fileless) attacks, ransomware, lateral movement and other advanced threats. Insufficient visibility prevents analysts and automated security tools from gathering the context needed to harden systems and to prevent, investigate and respond to threats. VMware Carbon Black Cloud continuously assesses devices in real time, analyzing the current state of more than 1,500 artifacts on each endpoint and tracking IT hygiene over time.

Analysts can customize the widget-based dashboard so that it displays the information their organization considers important. The widgets give an overview of all activity in an environment and prioritize data through top alerts on applications and devices, alongside updated threat reports that come directly from VMware's internal threat research team. Each widget has a download button that exports an expanded version of its contents as an easily digestible report. Other reports are easy to pull using live queries, which inspect the current state of an endpoint; the same live queries can therefore surface artifacts of threats that were present in an environment before VMware Carbon Black Cloud was installed. The triage window shows at-a-glance information about events, with a "Take Action" button analysts can click to respond to threats quickly.

The process tree shows every step an attacker takes, from root cause to final activity, giving a line-by-line breakdown of enriched event information and any corresponding MITRE ATT&CK tags. It displays potentially suspicious activity with a priority indicator that scores alert severity based on the type of activity and the priority assigned to the endpoint. Analysts may also take direct or remote action within the process analysis view.

Search guides for alerts, investigations and process analysis aid threat hunting, and the search fields offer in-depth filters in an intuitive and granular way. Search results display parent-to-child process relationships, which adds to the sophistication and effectiveness of the threat hunting capabilities. Execution data captured from every endpoint feeds the platform's large repository of known-good and known-bad software. Watchlists match on known attack techniques and automatically raise alerts on indicators that may warrant further investigation.
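The process-tree and priority-scoring behaviour described above, as an added example that is not Carbon Black Cloud's own code: it reconstructs parent-to-child chains from constructed endpoint events, matches each parent/child pair against a small watchlist tagged with MITRE ATT&CK technique IDs, and weights each hit by an assumed endpoint priority so that the same technique scores higher on a mission-critical host than on a user laptop. The event fields, device names, watchlist rules and severity weights are all assumptions made for illustration.

```python
"""Process-tree reconstruction and alert scoring over constructed endpoint events.

Added example, not Carbon Black Cloud code: the event fields, watchlist rules,
ATT&CK mapping and severity weights below are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    device: str
    pid: int
    ppid: int
    name: str
    cmdline: str


ProcKey = Tuple[str, int]  # (device, pid): pids are only unique per endpoint

# Constructed sample telemetry from two endpoints (not real data).
EVENTS: List[ProcEvent] = [
    ProcEvent("HR-LAPTOP-07", 1, 0, "explorer.exe", "explorer.exe"),
    ProcEvent("HR-LAPTOP-07", 2, 1, "outlook.exe", "outlook.exe"),
    ProcEvent("HR-LAPTOP-07", 3, 2, "winword.exe", 'winword.exe /n "invoice.docm"'),
    ProcEvent("HR-LAPTOP-07", 4, 3, "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ProcEvent("HR-LAPTOP-07", 5, 4, "rundll32.exe", "rundll32.exe C:\\Users\\Public\\x.dll,Start"),
    ProcEvent("DC-01", 10, 0, "services.exe", "services.exe"),
    ProcEvent("DC-01", 11, 10, "svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("DC-01", 12, 11, "wmiprvse.exe", "wmiprvse.exe -secured -Embedding"),
    ProcEvent("DC-01", 13, 12, "powershell.exe", "powershell.exe -c Get-Process"),
]

# Assumed per-endpoint priority and the weight it applies to an alert's base severity.
DEVICE_PRIORITY: Dict[str, str] = {"HR-LAPTOP-07": "medium", "DC-01": "mission_critical"}
PRIORITY_WEIGHT: Dict[str, float] = {"low": 0.5, "medium": 1.0, "high": 1.5, "mission_critical": 2.0}

# Assumed watchlist: (parent name, child name) -> (ATT&CK technique, base severity 1-10).
WATCHLIST: Dict[Tuple[str, str], Tuple[str, int]] = {
    ("outlook.exe", "winword.exe"): ("T1204.002", 3),      # User Execution: Malicious File
    ("winword.exe", "powershell.exe"): ("T1059.001", 7),   # Command and Scripting Interpreter: PowerShell
    ("powershell.exe", "rundll32.exe"): ("T1218.011", 6),  # System Binary Proxy Execution: Rundll32
    ("wmiprvse.exe", "powershell.exe"): ("T1047", 5),      # Windows Management Instrumentation
}


def index_by_pid(events: List[ProcEvent]) -> Dict[ProcKey, ProcEvent]:
    """Index events by (device, pid) so parent links can be followed per endpoint."""
    return {(e.device, e.pid): e for e in events}


def lineage(key: ProcKey, by_pid: Dict[ProcKey, ProcEvent]) -> List[str]:
    """Walk ppid links from a process up to its root; the cycle guard protects
    against reused or corrupted pids in the telemetry."""
    chain: List[str] = []
    seen: set = set()
    cur = by_pid.get(key)
    while cur is not None and (cur.device, cur.pid) not in seen:
        seen.add((cur.device, cur.pid))
        chain.append(cur.name)
        cur = by_pid.get((cur.device, cur.ppid))
    return list(reversed(chain))  # root first, as a process tree is read


def score(base: int, device: str) -> int:
    """Scale the watchlist base severity by the endpoint's priority, clamped to 1-10."""
    weight = PRIORITY_WEIGHT[DEVICE_PRIORITY.get(device, "medium")]
    return max(1, min(10, round(base * weight)))


def triage(events: List[ProcEvent]) -> List[dict]:
    """Match every parent->child pair against the watchlist and return alerts,
    highest severity first, each carrying its full chain from the root process."""
    by_pid = index_by_pid(events)
    alerts: List[dict] = []
    for e in events:
        parent = by_pid.get((e.device, e.ppid))
        if parent is None:
            continue  # root process (or parent not captured): nothing to pair with
        hit = WATCHLIST.get((parent.name, e.name))
        if hit is None:
            continue
        technique, base = hit
        techniques = [technique]
        # Assumed weighting: an encoded PowerShell command line adds T1027 and +2 severity.
        if e.name == "powershell.exe" and "-enc" in e.cmdline.lower():
            techniques.append("T1027")  # Obfuscated Files or Information
            base += 2
        alerts.append({
            "device": e.device,
            "pid": e.pid,
            "techniques": techniques,
            "severity": score(base, e.device),
            "chain": " > ".join(lineage((e.device, e.pid), by_pid)),
        })
    alerts.sort(key=lambda a: a["severity"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(f"[{alert['severity']:>2}] {alert['device']:<13} {','.join(alert['techniques']):<18} {alert['chain']}")
```

Run stand-alone, the script lists four alerts. The WMI-spawned PowerShell on DC-01 ranks first even though its technique carries a lower base severity than the macro-spawned PowerShell on the laptop, which is the effect of folding endpoint priority into the score; the laptop alert still shows the complete root-to-leaf chain (explorer.exe > outlook.exe > winword.exe > powershell.exe) that an analyst would read in the process tree.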

Overall, security pros will find VMware Carbon Black Cloud a solid endpoint security solution. The cloud-native platform covers a broad range of malicious activity and turns detected behaviors into actionable prevention measures that analysts can apply to harden their security posture and get more out of existing security investments and day-to-day operations.

The product costs $40 per endpoint, per year, and includes 12/5 phone, email and web support. Additional support options are available for a fee. Organizations also have access to a searchable knowledgebase and FAQ list, and the support portal contains extensive documentation and training materials.

Written by Katelyn Dunn

Tested by Tom Weil