Core Capabilities

Only Carbon Black enables organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals to shift the balance of power back to security teams.

The security war has moved to the endpoint because that’s where an organization’s critical information resides. Other endpoint security solutions leave security teams in a “reactive, flying blind, go-it-alone” posture against a relentless wave of attackers. Carbon Black changes that with five core capabilities that no other single endpoint security solution can offer.

Know what’s happening on every computer—right now.

You will have immediate real-time visibility—without sweeps, scans or polls—into the files, executions, network connections, and critical system resources on every machine, and the relationships between them. You’ll know how every file got there, what created it, when it arrived, what it did, if it made a network connection, if it deleted itself, if a registry setting was modified, and much more.

See, record and centralize everything

Only Carbon Black delivers robust and actionable advanced threat detection by leveraging the combination of continuous endpoint sensor data, centralized recording and instant, aggregated threat intelligence powered by millions of endpoints and a global network of intelligence partnerships. By leveraging dynamic file analysis, software reputation and attack classification intelligence against your endpoint & SIEM data, you will see threats faster, eliminate false positives, and diagnose severity quicker to stop attacks before compromise. No waiting for signature file updates. No testing and updating .dat files. You get immediate, proactive, signature-less, crowd-sourced detection.

Instantly isolate, terminate, and remediate threats.

Carbon Black is the industry’s only endpoint threat detection and response solution for SOC and IR teams that combines continuous recording and live response capabilities. These integrated capabilities enable responders to “go back in time” to see what happened on any of their organization’s machines to understand the full “kill chain” of an attack, remotely inspect that machine, isolate it from the network, and stop attacks by globally blocking the execution of suspicious executables to prevent data exfiltration and the possibility of a breach. With Carbon Black’s Live Response solution, responders can also customize their on-sensor actions by using third-party response tools as part of a live Carbon Black session with an endpoint rather than dropping administration credentials to jump from tool to tool. All of Carbon Black’s response capabilities also extend to its open APIs, enabling responders to push Carbon Black’s capabilities out to custom tools or integrate with third-party solutions for the best possible response.

Stop attacks with multiple prevention techniques

With Carbon Black, you can choose from different forms of advanced endpoint prevention to match your business and systems. Carbon Black’s proactive “Default-Deny” approach ensures that only software you trust can run on your machines. Carbon Black’s “Detect-and-Deny” technology uses ATIs to detect malware and stop its execution, and Carbon Black’s unique “Detonate-and-Deny” approach automatically sends every new file that arrives on any endpoint or server to leading network security tools for “detonation.” If they find malicious files, Carbon Black will automatically stop them from running on all of your machines—instantly.

Share data, intelligence and capabilities

Carbon Black is the most open and extensible endpoint security solution in the market. Use the platform’s open APIs to optimize your security process by quickly integrating endpoint data with your full security stack. You’ll have the freedom to pull in capabilities from other security solutions and threat intelligence feeds, as well as extend the data captured by Carbon Black and expose its full feature set to third-party or home-grown security products.

Voted #1 in Endpoint Protection by Security Professionals

2000+ Customers

1000+ Application Control Deployments

7M Licenses

70+ IR/MSSPs