The European Union’s General Data Protection Regulation (“GDPR”) becomes effective on May 25, 2018. GDPR is designed to harmonize data protection laws across the European Union (EU) / European Economic Area and protect the privacy of the personal data of EU data subjects. GDPR requires entities that process personal data of EU data subjects to incorporate certain fundamental concepts into their information security and data privacy processes and operations.
At Carbon Black, we understand the importance of our customers’ personal data. We are committed to our customers’ success, including compliance with the GDPR. We have taken a comprehensive approach to our GDPR compliance activities and, to the extent necessary, are finalizing the updates and changes to our data processing policies, operations, activities, and documentation in anticipation of the GDPR effective date.
In addition to our own GDPR compliance, Carbon Black’s products and services can help support our customers’ security, risk, and compliance program efforts relating to GDPR and other privacy regulations. Click here to learn more.
If you have additional questions relating to Carbon Black’s internal GDPR compliance activities, please contact our compliance team at firstname.lastname@example.org.
Product Risk Management Plan
A bottom-up evaluation of the risks to product security, the mitigations in place to reduce risks, and the areas we are investing in to further reduce risks within our products
Secure Development Lifecycle
Activities during software development required to ensure security is deliberately considered during planning, development, and release testing
Security Response Center
Monitoring for and responding to vulnerabilities in our products post-release
Cb Response Cloud
Cloud-based threat hunting and incident response for SOC teams
Cloud-delivered next-generation antivirus + EDR for all endpoints
Cb Predictive Security Cloud
Threat and attack analytics for all Carbon Black customers
Our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security, Confidentiality, and Availability principles. A summary of the most recent report is available here. The full report is available on request.
All Cb Cloud Services follow DevOps principles and are either using or are on the path to automated, continuous deployment for all application code. Security practices in the DevOps model are a little different than those in a traditional enterprise IT model. An overview of DevOps and its relation to security is available in this DevOps and Security whitepaper.
To report a security vulnerability in a Carbon Black product, click here.