VMware Carbon Black Cloud is a cloud-native endpoint, workload, and container protection platform (EDR) that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single, easy-to-use console. By analyzing more than 1 trillion security events per day, VMware Carbon Black Cloud proactively uncovers attackers’ behavior patterns and empowers defenders to detect and stop emerging attacks.
VMware Carbon Black Cloud can upload all new binaries it detects to cloud storage so that nothing is missed during an investigation, even if the original malware or hacking tools were later deleted by intruders. All these new files may be automatically submitted to the cloud instance of VMRay Analyzer for inspection.
VMRay Analyzer analyzes the file and reports the overall severity and IOCs back to VMware Carbon Black Cloud. The full analysis report from VMRay Analyzer is also available from the VMware Carbon Black Cloud console.
The connector collects the unique SHA256 hash values of processes and then downloads the samples from CB Cloud to submit them to VMRay Analyzer. Depending on the connector settings, files with Suspicious, Malicious or both verdicts can be submitted. After the analysis is finished, the connector retrieves IOC values and tags from VMRay Analyzer and creates Reports in the VMware Carbon Black Watchlist. If the ban option is enabled, the connector also bans executables on VMware Carbon Black Cloud according to the selected verdicts. The full report is also accessible from the VMware Carbon Black Cloud console.