Today we are announcing expanded support for VMware Carbon Black Cloud. Red Canary was Carbon Black’s first technology partner way back in 2014. A lot has changed since then, but one thing has stayed the same: Carbon Black provides great products to build a detection and response capability around.
The trend in endpoint security over the last few years has been the consolidation of capabilities back into a single agent with a cloud-based backend. VMware Carbon Black Cloud (formerly known as CB Defense) provides next-generation antivirus, endpoint detection and response (EDR), and remediation tools with only one agent to deploy to endpoints. Up until now, Red Canary focused just on the detection and response side of the house, taking EDR telemetry and applying the broadest possible detection to it. We are now expanding our scope to include the full VMware Carbon Black Cloud product set.
What does this mean exactly?
- Red Canary will correlate alerts generated by Endpoint Standard with EDR telemetry.
- The Red Canary Cyber Incident Response Team (CIRT) will investigate all correlated alerts and create detailed threat timelines for all confirmed threats, including the context needed for remediation.
- If enabled, Red Canary will update your Endpoint Standard alerts based on the results of our investigations, so that you no longer need to take action within the Endpoint Standard console on any alert that we’ve investigated.
- Automated playbooks, configured through the Red Canary Portal, will run to remediate confirmed threats using Carbon Black’s Live Response capabilities.
- Your Red Canary incident handler will assist with blocking policy configuration for Endpoint Standard.
We have been delivering this capability in private beta to a number of our customers for several months now and are very excited about the results. CB customers can now leverage one agent and one ally for managed detection and response. Reach out to us anytime to learn how we can help.