Product Security

basic_heading secondary

Secure Development From the Ground Up

Securing our products from planning to development and deployment.

  • Product Risk Management Plan

    A bottom-up evaluation of the risks to product security, the mitigations in place to reduce risks, and the areas we are investing in to further reduce risks within our products

  • Secure Development Lifecycle

    Activities during software development required to ensure security is deliberately considered during planning, development, and release testing

  • Security Response Center

    Monitoring for and responding to vulnerabilities in our products post-release

basic_heading secondary

Secure Operations in the Cloud

Ensuring the security and privacy of your data in our cloud environment.

  • Cb Response Cloud

    Cloud-based threat hunting and incident response for SOC teams

  • Cb Defense

    Cloud-delivered next-generation antivirus + EDR for all endpoints

  • Cb Predictive Security Cloud

    Threat and attack analytics for all Carbon Black customers

text_image_eight narrow

Our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security, Confidentiality, and Availability principles. A summary of the most recent report is available here. The full report is available on request.

All Cb Cloud Services follow DevOps principles and are either using or are on the path to automated, continuous deployment for all application code. Security practices in the DevOps model are a little different than those in a traditional enterprise IT model. An overview of DevOps and its relation to security is available in this DevOps and Security whitepaper.

To report a security vulnerability in a Carbon Black product, click here.