VMware Carbon Black MDR Helps Analysts Respond to Attacks

VMware is expanding its endpoint security business to include cloud-based managed detection and response (MDR) solutions along with its new Carbon Black Cloud Managed Detection and Response offering.

The growing volume of attacks and complexity of threats have made it difficult for security operations center (SOC) teams to keep up with the volume of security alerts in their environment. Instead of understanding the threats in their environments, SOC analysts are spending too much time assessing and validating alerts. VMware Carbon Black Cloud MDR will monitor endpoints and workloads as part of around-the-clock security monitoring, alert triage, and threat analyst guidance, VMware says. 

The new service builds on Carbon Black’s existing managed detection capabilities and provides IT and security teams with cyberattack insights and security policy recommendations to remediate threats. The threat intelligence and security guidance will help reduce SOC staffing pressures and free up security teams to work proactively, such as threat hunting and understanding the different types of threats they are faced with. 

Carbon Black’s threat analysis team will use machine learning and algorithms to monitor and assess customer data in the VMware Carbon Black Cloud. In the case of an incident, the analysts will notify affected customers’ IT and security teams via email about threats and provide specific policy recommendations for policy changes to remediate the issues. The analysts will remain in communication with the security team until the threat is contained. The analysts can also maintain visibility on a compromised endpoint after isolating and securing it. 

VMware acquired Carbon Black in 2019 and has since focused on extending Carbon Black Cloud’s capabilities to “fulfill the vision of intrinsic security,” said VMware CEO Raghu Raghuram at this week's Credit Suisse 25th Annual Technology Conference. The current focus is around integrating network security and network signals into Carbon Black Cloud so it can pull together signals from home devices, the secure access service edge (SASE) network, data center network, endpoints, and applications into one place. By applying machine learning and other data technologies, analysts will be able to proactively detect and remediate security incidents, Raghuram said. 

Read more here.