VMware Carbon Black helped pioneer the active endpoint detection and response (EDR) technology segment within the broader endpoint protection market. Their EDR solution now includes cloud-based and in-house endpoint protection.
See below for a full review of VMware Carbon Black and what makes this software an effective endpoint protection solution:
The Endpoint Protection Market
The global endpoint security market size was $12.93 billion in 2020, with a growth rate of 8.1%. Researchers estimate that VMware Carbon Black ranks sixth in the industry and holds roughly 3% of the market share.
VMware Carbon Black’s top three competitors are Trend Micro (36%), Symantec (13%) and McAfee (9%). These entrenched competitors gained their lead through classic antivirus technology, but have not been as successful with EDR products.
VMware Carbon Black leads the next generation of more advanced and active endpoint protection. Its main competitors delivering similar EDR technology include CrowdStrike (2.5%) and Cylance (1%).
VMware Carbon Black Key Features
As a functional endpoint protection solution, VMware Carbon Black protects computers against known and emerging threats and malware, such as viruses, trojans, and ransomware. The key features of the products provide additional functionality for security analysts and endpoint protection.
- Both cloud and in-house deployment features
- Collects comprehensive information about every protected endpoint
- Provides security operations center (SOC) and incident response (IR) team data feed for rapid analysis and response
- Blocks zero-day malware attacks based on activity analysis
- Detection and response at scale for enterprise
- Cloud features
- Detect and prevent attacks using legitimate tools
- Automates endpoint alert investigation workflow
- Pools data from a global customer base for early detection of attack processes
- Attack-chain details permit rapid incident response investigation
- Create custom watchlists to automate repetitive hunts
- Isolate infected systems and remove files remotely
- Automate ongoing reports regarding endpoint and user security status
VMware Carbon Black Key Benefits
IT managers suffer many IT security headaches as users continue to click on bad links in emails or pick up malware-laden USB drives. VMware Carbon Black’s key benefits reduce these headaches:
Improve Endpoint Security
Traditional endpoint security used antivirus software that scanned the hard drive and compared files against a list of signatures. Antivirus could not respond to unknown attacks or to malware that had been modified significantly.
The VMware Carbon Black endpoint detection and response solution focuses instead on the behavior of programs and users to identify them as malicious. When malware is detected, VMware Carbon Black can automatically take steps to eliminate the malware or isolate the device to prevent the malware from spreading.
Many solutions trigger alerts but leave the log collection and device exploration up to the investigating security engineer. VMware Carbon Black recognizes malware quickly and offers options to improve response times.
For fastest reactions, IT security teams can activate automatic responses that shut down malware and isolate potentially infected devices immediately. The solution also triggers alerts on suspicious activities, so SOC teams can investigate and coordinate incident response based upon real-time activity reports and device information.
Easier Incident Response
Computers generate many different log files and alerts, but sifting through the mess to look for relevant information during an attack can be difficult. VMware Carbon Black gathers and organizes the data to make it easier for incident response teams to analyze attacks, hunt for the sources of attacks, and react quickly to contain and stop attacks. Once the attacks have been contained and remediated, the solution provides tools to document the process for reporting.
VMware Carbon Black Use Cases
One of Germany’s largest private hospitals, Asklepios, deployed the VMware Carbon Black Cloud solution across its data centers and endpoints. The implementation allows the security team to thwart active attacks, analyze activities on the device, adjust preventative measures, and automate workflows that previously had been manual processes.
Daniel Maier-Johnson, the CISO for Asklepios, notes that “by guarding sensitive patient data against cyber attacks and data breaches, we are bolstering our reputation as a trusted, security-conscious health care group.”
As BraunAbility grows rapidly, it needs an endpoint solution to deploy efficiently to new employees without compromising security. Their IT team needs an endpoint protection solution that integrates well with SD-WAN solutions and can be adjusted flexibly by the in-house IT team remotely from various international offices.
“VMware Carbon Black Cloud is a balance of AV and EDR, which allows me to have a global reach and visibility to quickly deploy endpoint agents across our different organizations with flexibility in software delivery,” says Arlie Hartman, CISO, BraunAbility.
With over 100 employees, Kaas Tailored traditionally used simple antivirus technology for protection. However, despite detecting an attack on a single machine, the IT security team was unable to detect or stop the attack with their old AV solution and began looking for new options.
Since upgrading to VMware Carbon Black Endpoint Standard, Joe Mrazik, network administrator, finds that their new solution “tells me exactly what happens, when it happens, and I no longer need to chase after unnecessary reports or logs. … I’ve come to learn and appreciate the fact that there are tools out there that will help you do your job.”
VMware Carbon Black Differentiators
As an endpoint protection solution, VMware Carbon Black delivers security. However, its key differentiators provide justification for customers to invest in the VMware Carbon Black solution over legacy antivirus solutions and other EDR solutions.
- Light agent: Unlike many bloated antivirus solutions that require a lot of memory and hard drive space and slow down computers with scans, the VMware Carbon Black agent is small and operates quickly with minimal impact on the host computer.
- Isolate infected systems: When a computer is under attack, the VMware Carbon Black software can isolate the system from the network either automatically through rules or through an analyst’s actions.
- Managed detection and response: Blurring the line between endpoint protection and SOCs, VMware Carbon Black’s managed service monitors and analyzes alerts, investigates malicious activities, and responds to attacks.
- App control (in-house deployment only): Sometimes, organizations need to use obsolete, vulnerable software to control expensive legacy equipment. App control hardens these systems against unwanted change and blocks vulnerability exploitation with file-integrity monitoring, device control, and memory protection.
VMware Carbon Black Pricing
VMware Carbon Black does not publicly release suggested pricing for its endpoint detection and response products. Resale partners often post an official rate of $135.99 for one-year licenses. However, clients can often negotiate volume and long-term discounted rates that may reduce the costs from $52.99 per endpoint per year or even $38.40 per endpoint for a five-year subscription.
VMware Carbon Black’s endpoint protection solution is a premium product that improves endpoint security and reduces the time required to respond to attacks. While not all organizations can immediately justify the expense of upgrading from their current antivirus solution, VMware Carbon Black is part of the leading edge of the future of endpoint protection.