Product Risk Management Plan
A bottom-up evaluation of the risks to product security, the mitigations in place to reduce risks, and the areas we are investing in to further reduce risks within our products
Secure Development Lifecycle
Activities during software development required to ensure security is deliberately considered during planning, development, and release testing
Security Response Center
Monitoring for and responding to vulnerabilities in our products post-release
Cb Response Cloud
Cloud-based threat hunting and incident response for SOC teams
Cloud-delivered next-generation antivirus + EDR for all endpoints
Collective Defense Cloud
Threat and attack analytics for all Carbon Black customers
Our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security, Confidentiality, and Availability principles. A summary of the most recent report is available here. The full report is available on request.
All Cb Cloud Services follow DevOps principles and either use, or are on the path to, automated continuous deployment for all application code. Security practices in the DevOps model are a little different from those in a traditional enterprise IT model. An overview of DevOps and its relation to security is available in this DevOps and Security whitepaper.
To report a security vulnerability in a Carbon Black product, click here.