VMware Carbon Black Cloud: Basic Features

By CIO Applications| Wednesday, July 29, 2020

VMWare Carbon Black Cloud prevents all sections of malicious activities and changes detected behaviors to actionable prevention measures.

FREMONT, CA: VMWare Carbon Black Cloud is a software that serves as multiple endpoint security solutions by utilizing only one agent and console for more productive functioning. It implements machine learning and analytics to the endpoint and cloud to determine and alleviate loopholes and misconfigurations and make it difficult to compromise the system.

Using various security tools makes the system complicated with improper configuration and alignment, creating gaps within the network, making it easy for lateral movements, malware, ransomware attacks, and other threats and risks to gain unauthorized access. This hindrance keeps analysts and security tools for collecting information to strengthen, avoid, examine, and respond to the threats. VMWare Carbon Black Cloud provides continuous device assessment in real-time to analyze the present state of more than 1,500 artifacts on any endpoint and track IT safety.

The widget-based dashboard can be easily customized by analysts to show the information that organizations consider essential. It also provides an overview of all the activity happening within an environment and prioritize data through top alerts on applications and devices and shows updated threat reports directly from the internal threat research team.

An expanded version of the information contained in an easily digestible report is available in each widget with a download button that exports it. Other report options are available as well, which can be easily pulled using live queries. These live queries can display threats that existed within an environment before VMware Carbon Black Cloud was installed. The triage window shows at-a-glance information about events with a “Take Action” button, which an analyst may click to respond to threats quickly.

Every step an attacker takes is shown on the process tree, from root cause to final activity, offering a detailed breakdown of even information and any corresponding ATT&CK tags. Analysts can take direct or remote action within the process analysis view when it shows possible suspicious activity with a priority indicator that scores alert severity depending on the type of activity and the priority assigned to the endpoint.

Search fields encompass in-depth filter insight, search guides assist in threat hunting through alerts, process analyses, and investigations, and the search bar displays parent-to-child process relationships, increasing the advancement and efficiency of the threat hunting abilities.

Every endpoint captures the time-of-execution data, which maintains the platform’s ample storage of good and bad software. Carried out attacks are hit by the watchlist and alert on parts of information that may need more investigation.

VMWare Carbon Black Cloud prevents all sections of malicious activities and changes detected behaviors to actionable prevention measures. Security professionals will find VMWare Carbon Black Cloud, a robust endpoint security solution that maximizes security and optimizes the efficiency of existing security investments and overall operations.