In our recent blog post, we talked about behavior-based security, a whole new approach to tackling today’s security challenges by preventing an attack before it even happens.
Traditional antivirus/security solutions focus mainly on prevention, relying on long lists of signatures or hashes to detect known viruses, trojans and other security threats. This requires a “sacrificial lamb” to first experience a cyber-attack in order for everyone else to be protected from it later on. Due to the way cyberattacks quickly propagate in a matter of milliseconds, Zero Day support is now required to combat these cybersecurity risks we face every day, ensuring that an attack does not need to happen to someone else first in order to protect your systems.
This is obviously great news for businesses wanting to steer clear of any security breaches. Waiting for an attack to happen before responding, and then creating a security patch or signature file to protect everyone else afterward, is how traditional AV software has mainly worked so far. It is a poor strategy that no longer works today.
To address this, we will discuss how VMware, a premier cloud computing company and the leader in virtualization technologies for over two decades, is addressing these needs by delivering a comprehensive, next-generation cybersecurity solution, VMware Carbon Black.
How does it work?
Unlike traditional antivirus, VMware Carbon Black takes a unique approach to providing full endpoint protection.
The more data, the better
First, VMware Carbon Black collects unfiltered endpoint data, capturing everything happening on the endpoints at all times (e.g., network connections, file and/or registry modifications, cross-process events, etc.), not just when something suspicious is happening. It then sends that data to the Predictive Security Cloud (PSC), where the local data is combined with Big Data analytics to provide extended and enhanced visibility of all possible threats, known and unknown, increasing prevention capacity exponentially.
This could be compared to a 24x7 surveillance camera that records everything constantly, instead of only when some unexpected event occurs, as other solutions (e.g., motion detection) normally do.
Assess over time
Second, their Predictive Security Cloud (PSC) leverages Streaming Analytics, a new type of analytics they developed based on proven Event Stream Processing (ESP) technology, used in sectors like banking for fraud detection and algorithmic trading. These analytics use a combination of behavioral analytics, Machine Learning (ML), and reputational analytics, as well as other advanced data processing algorithms to predict unknown threats and attacks and assess risks over time. This focus is effective against both malware and non-malware attacks that leverage trusted software to perform malicious behaviors.
Architecture: A Single Console, Platform, and Agent
VMware Carbon Black architecture is built around three main components to protect your servers and desktop/laptop computers:
Carbon Black sensors
On the endpoints, a single, shared lightweight agent with minimal end user impact (< 1% CPU/disk usage) is deployed, continuously collecting data and sending it securely to the Carbon Black Cloud infrastructure for analytics. When a threat is detected, the agent can take remediation actions (e.g., delete files, blacklist hashes, quarantine/isolate the endpoint from the network) whether the endpoint is online or offline, providing non-stop protection.
Carbon Black console
All information is available from a centralized, cloud-based management console. It is easy to deploy, configure, and use, providing integrations with SIEM platforms, threat intelligence, and network security products.
Carbon Black Cloud
Artificial Intelligence (AI) and Machine Learning (ML) cloud-based services are leveraged for data analytics.
Integration with Other Products
Carbon Black integrates natively with other VMware products within their large ecosystem, like VMware vSphere (Virtualization) for Virtual Machine (VM) provisioning/hosting and VMware Workspace ONE (Unified Endpoint Management) for endpoint management, to name a few.
However, Carbon Black can also integrate with solutions from third-party vendors, like Mobile Threat Defense (MTD) software for mobile endpoint protection, Security Information and Event Management (SIEM) software, or comprehensive digital workplace management solutions like ISEC7 SPHERE.
Cybersecurity attacks are now part of our day-to-day lives, and anyone is potentially at risk, from consumers to small businesses to Top 500 corporations. Ransomware attacks, for example, can easily bypass traditional antivirus solutions, which is why a new, more proactive approach, using prediction as the best prevention, is required to ensure your environment is always as safe as possible; this is exactly what VMware is offering with Carbon Black.
We are pleased to introduce this comprehensive solution and would be happy to answer any questions you may have about VMware Carbon Black and navigating this resource. Please feel free to contact us if you have any questions or would like a demonstration. We can also assist with any concerns pertaining to cybersecurity and improving your security posture in general.