Product Security

Carbon Black and GDPR Commitments

The European Union’s General Data Protection Regulation (“GDPR”) becomes effective on May 25, 2018. GDPR is designed to harmonize data protection laws across the European Union (EU) / European Economic Area and protect the privacy of the personal data of EU data subjects. GDPR requires entities that process personal data of EU data subjects to incorporate certain fundamental concepts into their information security and data privacy processes and operations.

At Carbon Black, we understand the importance of our customers’ personal data. We are committed to our customers’ success, including compliance with the GDPR. We have taken a comprehensive approach to our GDPR compliance activities and, to the extent necessary, are finalizing the updates and changes to our data processing policies, operations, activities, and documentation in anticipation of the GDPR effective date.

In addition to our own GDPR compliance, Carbon Black’s products and services can help support our customers’ security, risk, and compliance program efforts relating to GDPR and other privacy regulations. Click here to learn more.

If you have additional questions relating to Carbon Black’s internal GDPR compliance activities, please contact our compliance team at

Secure Development From the Ground Up

Securing our products from planning to development and deployment.

  • Product Risk Management Plan

    A bottom-up evaluation of the risks to product security, the mitigations in place to reduce risks, and the areas we are investing in to further reduce risks within our products

  • Secure Development Lifecycle

    Activities during software development required to ensure security is deliberately considered during planning, development, and release testing

  • Security Response Center

    Monitoring for and responding to vulnerabilities in our products post-release

Secure Operations in the Cloud

Ensuring the security and privacy of your data in our cloud environment.

  • Cb Response Cloud

    Cloud-based threat hunting and incident response for SOC teams

  • Cb Defense

    Cloud-delivered next-generation antivirus + EDR for all endpoints

  • Cb Predictive Security Cloud

    Threat and attack analytics for all Carbon Black customers

Our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security, Confidentiality, and Availability principles. A summary of the most recent report is available here. The full report is available on request.

All Cb Cloud Services follow DevOps principles and are either using or are on the path to automated, continuous deployment for all application code. Security practices in the DevOps model are a little different than those in a traditional enterprise IT model. An overview of DevOps and its relation to security is available in this DevOps and Security whitepaper.

To report a security vulnerability in a Carbon Black product, click here.