May 14, 2020 Carbon Black Response
Chris Rothe

Expanded MDR coverage with VMware Carbon Black Cloud Endpoint Standard

Red Canary now incorporates alerts from VMware Carbon Black Cloud Endpoint Standard into our MDR solutions.

Today we are announcing expanded support for VMware Carbon Black Cloud. Red Canary was Carbon Black’s first technology partner way back in 2014. A lot has changed since then, but one thing has stayed the same: Carbon Black provides great products to build a detection and response capability around.

The trend in endpoint security over the last few years has been the consolidation of capabilities back into a single agent with a cloud-based backend. VMware Carbon Black Cloud (formerly known as CB Defense) provides next generation antivirus, endpoint detection and response (EDR), and remediation tools with only one agent to deploy to endpoints. Up until now, Red Canary focused just on the detection and response side of the house, taking EDR telemetry and doing the broadest possible detection. We are now expanding our scope to include the full VMware Carbon Black Cloud product set.

What does this mean exactly?

  • Red Canary will correlate alerts generated by Endpoint Standard with EDR telemetry.
  • The Red Canary Cyber Incident Response Team (CIRT) will investigate all correlated alerts and create detailed threat timelines for all confirmed threats, including the context needed for remediation.
  • If enabled, Red Canary will update your Endpoint Standard alerts based on the results of our investigations, so that you no longer need to take action within the Endpoint Standard console on any alert that we’ve investigated.
  • Automated playbooks will run to remediate confirmed threats as configured through the Red Canary Portal leveraging Carbon Black’s Live Response capabilities.
  • Your Red Canary incident handler will assist with blocking policy configuration for Endpoint Standard.

We have been delivering this capability in private beta to a number of our customers for several months now and are very excited about the results. CB customers can now leverage one agent, and one ally for managed detection and response. Reach out to us anytime to learn how we can help.

 

To learn more, join us today at VMware Carbon Black Connect—a virtual event that is free for all attendees.

 

 

Webinar preview: Facing Threats to Banking and Finance

 

VMware Carbon Black technology: a look forward, from the past

 

7 Essential Questions for Evaluating Carbon Black Response Partners

 

What Makes a Great Security Team? 4 Standout Qualities

Subscribe to our blog