Protect your endpoint with Carbon Black EDR
Use Cases and Deployment Scope
VMware Carbon Black EDR is used for investigation of endpoints. It helps in looking out for any malicious activity on the host machines. We get various information about the activity, such as on which machine the event is occurring, the time of occurrence, and which events are being performed on the endpoint. All the network connections made by the machine, any modifications to files on the machine, and all the processes running on the machine can be checked using VMware Carbon Black EDR. It helps in creating custom watchlists of events, and it also has threat feeds for investigation.
Pros
- Helps in tracking network connections made by the machine
- Process Tree, which shows the series of workflow in a way that is clear and easy to understand.
- Enables us to go live into the machine and investigate
Cons
- The number of false positives triggered by threat feeds is sometimes high and needs to be fine-tuned by the client.
- In very rare scenarios processes are not captured properly.
Return on Investment
- It is helping to protect us from potential loss of revenue that would be caused by malware or a compromised account.
- It took some time to deploy in the environment, but that time was well worth it because of the results we are getting now.
- It helps in hunting, which helps us check and protect our environment from any cyber attacks.
Alternatives Considered
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Other Software Used
Microsoft Azure, Amazon WorkSpaces (VDI), Amazon Web Services