
Product Security


Carbon Black and GDPR Commitments


The European Union’s General Data Protection Regulation (“GDPR”) becomes effective on May 25, 2018. GDPR is designed to harmonize data protection laws across the European Union (EU) / European Economic Area and protect the privacy of the personal data of EU data subjects. GDPR requires entities that process personal data of EU data subjects to incorporate certain fundamental concepts into their information security and data privacy processes and operations.

At Carbon Black, we understand the importance of our customers’ personal data. We are committed to our customers’ success, including compliance with the GDPR. We have taken a comprehensive approach to our GDPR compliance activities, and to the extent necessary are finalizing the updates and changes to our data processing policies, operations, activities, and documentation in anticipation of the GDPR effective date.

In addition to our own GDPR compliance, Carbon Black’s products and services can help support our customers’ security, risk, and compliance program efforts relating to GDPR and other privacy regulations. Click here to learn more.

If you have additional questions relating to Carbon Black’s internal GDPR compliance activities, please contact our compliance team at


Secure Development From the Ground Up

Securing our products from planning to development and deployment.

Product Risk Management Plan

A bottom-up evaluation of the risks to product security, the mitigations in place to reduce risks, and the areas we are investing in to further reduce risks within our products

Secure Development Lifecycle

Activities during software development required to ensure security is deliberately considered during planning, development, and release testing

Security Response Center

Monitoring for and responding to vulnerabilities in our products post-release


Secure Operations in the Cloud

Ensuring the security and privacy of your data in our cloud environment.

Cb Response Cloud

Cloud-based threat hunting and incident response for SOC teams

Cb Defense

Cloud-delivered next-generation antivirus + EDR for all endpoints

Cb Predictive Security Cloud

Threat and attack analytics for all Carbon Black customers


Our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security, Confidentiality, and Availability principles. A summary of the most recent report is available here. The full report is available on request.

All Cb Cloud Services follow DevOps principles and either use or are on the path to automated, continuous deployment for all application code. Security practices in the DevOps model are a little different from those in a traditional enterprise IT model. An overview of DevOps and its relation to security is available in this DevOps and Security whitepaper.

To report a security vulnerability in a Carbon Black product, click here.