Endpoint Security is Broken
Attackers are innovating faster than traditional defenses can keep up. In response, the security stack has become too complicated as more products that don’t work together are introduced to fill the gaps. There is a better way. Organizations are moving their endpoint and server security to the cloud to strengthen defenses and simplify operations.
Plan Your Move to Security in the Cloud
At Cloud Force Security, you’ll learn from Carbon Black and VMware experts how to leverage the cloud to better secure your endpoints and servers.
You’ll also have the opportunity to get live, hands-on experience to see the solution in action. Learn about:
- Why you should move security to the cloud
- How to choose the right cloud
- Experiences from companies who have already made the move
- Mapping your move to the cloud
How Do Carbon Black and VMware Help?
VMware and Carbon Black have been working together over the past year to fundamentally change the model for securing the virtualized data center.
We recently announced a new, jointly developed, integrated cloud-based security solution that combines the enforcement of known good application behavior provided by VMware AppDefense with advanced threat detection, prevention and automated remediation provided by Carbon Black’s market-leading Next-Generation Antivirus (NGAV), Cb Defense.
This new solution provides an unprecedented level of security for applications running on VMware and will help businesses around the world (who are running more than 60 million virtual machines) achieve the highest levels of security. It is also the industry’s first security solution that fully leverages the unique properties of virtualization plus streaming prevention to prevent, detect and respond to advanced threats. The result is total endpoint security for the Software Defined Data Center (SDDC).
Attacks in the data center use different methodologies than those that target end users. Identifying these threats requires a deeper understanding of both intended application behavior and new and emerging threat behavior than traditional endpoint security products possess.
VMware AppDefense + Carbon Black’s Cb Defense
VMware AppDefense leverages the power of the virtual infrastructure to create least privilege environments around applications. It enforces system integrity using the hypervisor, provides visibility into the intended state and behavior of applications, and monitors state and behavior from a protected position.
Cb Defense, running on the Predictive Security Cloud, provides a next-generation endpoint protection solution that applies behavioral approaches to detect threats. It uses Streaming Prevention to monitor for malicious behavior on a machine to protect against malware and non-malware based attacks.
The newly developed joint solution announced today will integrate VMware AppDefense and Cb Defense’s advanced threat protection to provide a unique one-two punch for stopping threats to applications inside the data center.
The solution combines three key elements to advance cloud and data center security:
Enforcing Known Good Application Behavior: By leveraging the virtual infrastructure, the solution will have an authoritative understanding of how data center endpoints are meant to behave and is the first to know when changes are made. This contextual intelligence will remove the guesswork involved in determining which changes to processes, executables, and operating systems inside a given data center endpoint are legitimate and which indicate real threats.
Detecting Unknown Threats: The solution will leverage application context to perform advanced behavioral threat detection to provide additional protection beyond least privilege. Any threat that isn’t prevented by locking down the application’s behavior will be picked up by Carbon Black’s Streaming Prevention – a next-gen threat detection technology that uses event stream processing to correlate multiple events over time to indicate the presence of a threat. Users will be able to see threat activity in real time, visualize the attack chain to see what attackers are trying to do, and respond immediately to shut down attacks in progress.
Automating and Orchestrating Response: Once a threat is identified, the solution will allow for the full understanding of application context during investigation, and again, will use the virtual infrastructure to deliver a library of responses, ranging from suspending or snapshotting a VM, to quarantining the compromised machine and performing forensic analysis.
Beyond these core capabilities, the joint solution adds four unique benefits:
- Reduces mean time to resolution for alert triage, leveraging application context from AppDefense in Cb Defense for VMware alerts.
- Provides highly precise, automated remediation through orchestration that triggers off AppDefense or Cb Defense for VMware alerts and takes actions through both systems.
- Ensures standardized security controls in the datacenter by providing an unmanaged assets view that looks across Cb Defense for VMware and AppDefense, pointing out any system not covered.
- Allows you to work from the console of your choice, including your SIEM.
Cloud and virtualization provide enterprises with new security opportunities that go beyond traditional approaches. VMware and Carbon Black are offering the market an unprecedented opportunity to protect virtual datacenter infrastructures like never before. VMware and Carbon Black are uniquely capable of moving beyond point security solutions to give enterprises a more robust and holistic approach to securing mission-critical applications running in the data center.