VMware Carbon Black has long been recognized as a leader in cloud-native security technology. We pioneered EDR, then expanded the platform to allow customers to identify risk, prevent attacks, and detect and respond with one solution.
In the last year, you’ve seen Carbon Black release innovative capabilities like workload security for private and public clouds. You learned how the platform is powered by a threat-intelligence cloud that brings together advanced machine intelligence and the human skill of our threat analysts to provide the context you need to make good decisions and be future-ready as the threat landscape evolves.
Releasing innovative capabilities is exciting, but the practical considerations of usability are always top of mind as we work to make the Carbon Black endpoint and workload protection platform the best technology to support our customers' security journey.
To that end, we are proud to announce multiple improvements to Carbon Black Cloud’s prevention capabilities, including the addition of Host-based Firewall and enhanced prevention policies. These releases are designed to simplify policy management, improve alert resolution, enhance network behavioral controls, and help scale the application of policies to endpoints and workloads.
Carbon Black Cloud Host-based Firewall:
Host-based Firewall enables SOC teams to further consolidate their security stack by eliminating legacy endpoint solutions and moving their endpoint protection to the cloud. Carbon Black Cloud Host-based Firewall replaces legacy firewall solutions with a lightweight, rule-based solution that’s easy to manage at enterprise scale. This feature provides the ability to create rules that govern network behaviors of applications across endpoints in your environment.
Host-based Firewall capabilities are built into the existing Policy page in the Carbon Black Cloud console, making it easy for analysts to manage all of their endpoint and workload policies using a common console and workflow.
Core Prevention Policies:
In addition to Host-based Firewall, the Carbon Black TAU team has updated the Core Prevention policies to provide users with additional visibility and control over automated prevention of behaviors detected on their monitored assets. These improvements enable analysts to move more quickly when securing their environment from the ever-changing threat landscape. This release gives customers visibility into and control over the types of threats our TAU team is protecting them from without requiring any additional tuning to protect against the latest threats. In upcoming releases, customers will gain additional control over the prevention policy settings that are applied to their endpoints and workloads.
In this release, customers will now be able to control the application of core preventions that have until now been behind-the-scenes, zero-touch preventions delivered by our threat-analysis unit. For most of our customers, knowing Carbon Black has their back by authoring policies that address the latest threats is a strong benefit. But in some cases, customers have told us they need the ability to manage these policy groups.
In this release, administrators can choose the following actions for each core prevention rule category:
- Block and alert (prevention is applied)
- Alert only
Core Prevention is the first in a series of updates around policy simplification and includes the framework for additional innovation. Core Prevention simplifies policy configuration for high-confidence preventions and detections, making policy management easier while still giving administrators customizability and control.
In a future release, administrators will be able to make process-based exclusions to Core Preventions, allowing them to make exclusions for certain behavior without disabling the entire prevention category.
These latest improvements help you modernize your security tool set, reduce complexity and deliver security to your organization with speed and confidence. Combining the ability to fine-tune prevention policies and to create policies based on network traffic into a single console will streamline workflows and reduce alert fatigue so that you can focus on responding to the latest attacks with speed and confidence.
For more information about these releases, check out the resources below: