Sep 28 2020

Review: Enhance Threat Hunting with VMware Carbon Black Cloud Enterprise EDR

The state-of-the-art security application collects data in one comprehensive view, empowering swift action.

Now more than ever, states and agencies need to maintain the highest levels of IT security. According to a recent report by Opinion Matters and VMware, 70 percent of respondents said that cyberattack volumes at their organizations have increased in the past 12 months. 

Even more troubling, the report highlights 82 percent of respondents who describe recent cyberattacks as more sophisticated than in previous years, with process weaknesses as the leading cause for breaches. As a result, 86 percent plan to increase cyberdefense spending in 2021. VMware Carbon Black Enterprise EDR, which I recently tested, provides advanced threat hunting and incident response capabilities for vital visibility to top state and local security personnel.

MORE FROM STATETECH: Why VPNs cannot provide the necessary security to protect users and data at scale.

Get Access to Next-generation Endpoint Protection 

This surprisingly easy-to-use enterprise endpoint detection and response solution comes as part of the larger VMware Carbon Black Cloud platform and offers state-of-the-art capabilities. These include a robust partner ecosystem and an open platform that lets agency security teams integrate Enterprise EDR into their existing security stack via a combination of automation and open application programming interfaces.

Enterprise EDR empowers agencies with next-generation endpoint protection that consolidates security in the cloud by using a single agent and aggregates all data into a simple console and data set that provides real-time network analysis. By collecting data continuously and leveraging the VMware Carbon Black Cloud, Enterprise EDR provides immediate access to the most comprehensive view of an attack at all times. This produces results in minutes.

VMware Carbon Black Enterprise EDR

Stay Ahead of Attacks with Greater Visibility 

Enterprise EDR easily eliminates most issues that plague more complicated platforms by providing high end-to-end visibility. In minutes, I was able to launch and accelerate investigations into anomalies and discover the root cause of simulated attacks.

During these difficult times, state agencies need to ensure that there is no interruption to essential services. Using threat hunting in conjunction with powerful support programs such as Enterprise EDR, agency IT security teams can make great strides in staying ahead of attacks.

4 Tips to Address Third-Party Risk

Third-party breach risks are increasing every year. In addition to the general escalation in intensity, a recent VMware study reveals a shift in causation for successful breaches. Operating system vulnerabilities and third-party applications are now considered primary causes.

To address these types of attacks, states and agencies must ensure they take the following steps to mitigate risks:

  1. Leverage threat hunting: VMware Carbon Black Cloud Enterprise EDR provides advanced threat hunting and incident response functionality from the same agent and console, so protection is at the endpoint level. It works through features such as real-time query solutions that allow IT teams to consolidate multiple products with a single platform. 

  2. Achieve continuous data collection: When it comes to security, it is all about data. I was impressed by the continuous and centralized recording and the centralized access to data when I tested VMware Carbon Black Cloud Enterprise EDR. 

  3. Intuitive attack chain visualization: The visualization capabilities of Enterprise EDR allow teams to determine the root cause of attacks. As a result, analysts can speed through each stage of an attack and gain insight into the behavior of the attacker, quickly closing security gaps. More important, IT security teams can learn from every new attack technique. 

  4. Close issues quickly: Enterprise EDR comes with live response for the remote remediation of incidents. Using this beneficial feature, responders can create a secure connection to infected hosts and pull or push files, including kill processes. They can also perform memory dumps, quickly remediating security issues and purging them from the network. 

By leveraging these four features in Enterprise EDR, IT security teams can proactively find and close gaps while securing remote access for investigations. States will surely appreciate reducing idle time and speeding up security remediation and resolution.

VMware Carbon Black Enterprise EDR

Hosted Service Type: Cloud-native endpoint protection
Retail/Licensing: License
Operating Systems: Windows, macOS, Red Hat, CentOS
Topology: Lightweight sensor managed from the cloud 
Setup: Customizable behavioral detection out of the box
Remediation: Secure Shell for rapid remote connections
Intelligence Feeds: Proprietary and third-party threat intel

VMware