
VMware’s AppDefense and Carbon Black’s Cb Defense Combine to Fundamentally Change the Model for Data Center and Cloud Security

December 7, 2017 / Tom Barsi

Today is an exciting day for the cybersecurity industry! VMware and Carbon Black have been working together over the past year to fundamentally change the model for securing the virtualized data center.

Earlier today, we announced a new, jointly developed, integrated cloud-based security solution that combines the enforcement of known good application behavior provided by VMware AppDefense with advanced threat detection, prevention and remediation provided by Carbon Black’s Next-Generation Antivirus (NGAV), Cb Defense.

This new solution provides comprehensive security for applications running on VMware and will help businesses around the world (who are running more than 60 million virtual machines) achieve strong security. It is also the first security solution that fully leverages the unique properties of virtualization plus streaming prevention to prevent, detect and respond to advanced threats. The result is powerful endpoint security for the Software Defined Data Center (SDDC).

Keeping Pace with the Speed of Application Change

It’s no secret that applications are becoming more distributed and dynamic. As a result, applications are also becoming more difficult to secure. Traditional security solutions (such as legacy antivirus) are often not flexible enough to keep up with applications as they change over time, leading to breakdowns in security.

The majority of attacks causing damage today are not simple malware easily rooted out with “known bad” signatures. They require watching the behavior of applications for any deviation from the norm. They hinge on attackers manipulating the executables, processes, and operating system of the endpoint itself. Identifying these threats requires a deep understanding of both application behavior and threat behavior, something that traditional endpoint security products don’t often possess.

This is where Carbon Black shines. The new integrated, cloud-based security solution announced today combines enforcement of “known good” application behavior with advanced threat detection and remediation.

The new solution from VMware and Carbon Black will dramatically shrink an organization’s attack surface while empowering security teams with automated threat detection and remediation to react faster and more effectively to attacks.

Today’s announcement expands on a collaboration announced earlier this year, giving VMware AppDefense™ customers the ability to leverage Carbon Black’s Predictive Security Cloud™ (PSC) reputation services.

Carbon Black’s PSC is our cloud-based endpoint security platform that is designed to prevent attacks not yet seen – while most other security solutions only stop attacks they already know about. The PSC is a cloud-based, single-agent, single-console system that’s easy to set up, easy to deploy, and easy to use, providing four key benefits for customers:

  • Predict and prevent attacks never seen before – by looking at unfiltered endpoint data, not just threat-related data – we can see threats that may have never been identified before.
  • Focus and prioritize security efforts – customers can protect themselves from developing attacks that haven’t hit them yet, and we prioritize security issues that need to be fixed first.
  • Security that outpaces the attackers – our cloud-deployed technology lets us innovate fast to address new threats as they arrive, without requiring complex IT deployments.
  • Leverage the value of your entire security stack – Open APIs let customers integrate their other security investments such as network security to help detect more threats and respond to issues faster.

VMware AppDefense + Carbon Black’s Cb Defense


VMware AppDefense leverages the power of the virtual infrastructure to create least privilege environments around applications. It enforces system integrity using the hypervisor, provides visibility into the intended state and behavior of applications, and monitors state and behavior from a protected position.

Cb Defense, running on the Predictive Security Cloud, provides a next-generation endpoint protection solution that applies behavioral approaches to detect threats. It uses Streaming Prevention to monitor for malicious behavior on a machine to protect against malware and non-malware based attacks.

The newly developed joint solution announced today will integrate VMware AppDefense and Cb Defense’s advanced threat protection to provide a unique one-two punch for stopping threats to applications inside the data center.

The solution combines three key elements to advance cloud and data center security:

Enforcing Known Good Application Behavior: By leveraging the virtual infrastructure, the solution will have an authoritative understanding of how data center endpoints are meant to behave and is the first to know when changes are made. This contextual intelligence will remove the guesswork involved in determining which changes to processes, executables, and operating systems inside a given data center endpoint are legitimate and which indicate real threats.

Detecting Unknown Threats: The solution will leverage application context to perform advanced behavioral threat detection to provide additional protection beyond least privilege. Any threat that isn’t prevented by locking down the application’s behavior will be picked up by Carbon Black’s Streaming Prevention – a next-gen threat detection technology that uses event stream processing to correlate multiple events over time to indicate the presence of a threat. Users will be able to see threat activity in real time, visualize the attack chain to see what attackers are trying to do, and respond immediately to shut down attacks in progress.

Automating and Orchestrating Response: Once a threat is identified, the solution will allow for the full understanding of application context during investigation, and again, will use the virtual infrastructure to deliver a library of responses, ranging from suspending or snapshotting a VM, to quarantining the compromised machine and performing forensic analysis.

Beyond these core capabilities, the joint solution adds four unique benefits:

  1. Reduces mean time to resolution for alert triage, leveraging application context from AppDefense in Cb Defense for VMware alerts.
  2. Provides highly precise and automated remediation with orchestrated remediation that triggers off of AppDefense or Cb Defense for VMware alerts and takes actions through both systems.
  3. Ensures standardized security controls in the datacenter by providing an unmanaged assets view that looks across Cb Defense for VMware and AppDefense pointing out any system not covered.
  4. Allows you to work from the console of your choice, including your SIEM.

Cloud and virtualization provide enterprises with new security opportunities that go beyond traditional approaches. VMware and Carbon Black are offering the market an opportunity to protect virtual datacenter infrastructures like never before. VMware and Carbon Black are uniquely capable of moving beyond point security solutions to give enterprises a more robust and holistic approach to securing mission critical applications running in the data center.

Please join me in congratulating both the VMware and Carbon Black teams on this latest announcement.
