Instead of relying on signatures, Carbon Black combines static and dynamic code analysis to detect
malicious code. Its approach to file-less attacks relies on a continual risk profile assessment to
determine whether a legitimate tool is being misused and, if necessary, block it. The system’s heavy
lifting is all in the cloud, with a lightweight agent on the endpoint that looks at events but does not
scan. Carbon Black is a compelling option for any EPP project, whether greenfield or ripping-and
replacing legacy antivirus.