Cloud
12/7/2017
09:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

VMware and Carbon Black Team Up in Data Center and Cloud Security

New joint, cloud-based security solution combines enforcement of 'known good' application behavior with advanced threat detection and automated remediation

WALTHAM, Mass., and PALO ALTO, Calif. – December 7, 2017--  VMware, Inc., (NYSE: VMW), a global leader in cloud infrastructure and business mobility, and Carbon Black, the leader in next-generation endpoint security, today announced an expanded partnership that will help transform current approaches to cloud and data center security. The companies have developed a new joint solution that will dramatically shrink an organization’s attack surface, while empowering security teams with automated threat detection and remediation to react faster and more effectively to attacks. Today’s announcement expands on a collaboration announced earlier this year, giving VMware AppDefense™ customers the ability to leverage Carbon Black’s Predictive Security Cloud™ (PSC) reputation services.

Click here to Tweet - [email protected] and @CarbonBlack_Inc expand partnership to drive a new model for data center & cloud security; empower security teams w/automated threat detection and remediation to react faster and more effectively to attacks #infosec http://ow.ly/G36j30h2CxR

As applications become more distributed and dynamic, they have also become more difficult to secure. Traditional security solutions are not flexible enough to keep up with applications as they change over time, leading to breakdowns in security. The majority of attacks causing damage today are not simple malware easily rooted out with “known bad” signatures. They require watching behavior of applications for any deviation from the norm. They hinge on attackers manipulating the executables, processes, and operating system of the endpoint itself. Identifying these threats requires a deep understanding of both application behavior and threat behavior, something that traditional endpoint security products don’t possess.

The newly jointly-developed solution will combine VMware AppDefense and Cb Defense’s advanced threat protection to provide a unique one-two punch for stopping threats to applications inside the data center. VMware AppDefense leverages the power of the virtual infrastructure to create least privilege environments around applications. It enforces system integrity using the hypervisor, provides visibility into the intended state and behavior of applications, and monitors state and behavior from a protected position. Cb Defense, running on the Predictive Security Cloud, provides a next-generation endpoint protection solution that applies behavioral approaches to detect threats. It uses streaming prevention to monitor for malicious behavior on a machine to protect against malware and non-malware based attacks.  The solution combines three key elements to advance cloud and data center security:

Enforcing Known Good Application Behavior: By leveraging the virtual infrastructure, the solution will have an authoritative understanding of how data center endpoints are meant to behave and is the first to know when changes are made. This contextual intelligence will remove the guesswork involved in determining which changes to processes, executables, and operating systems inside a given data center endpoint are legitimate and which indicate real threats.

Detecting Unknown Threats: The solution will leverage application context to perform advanced behavioral threat detection to provide additional protection beyond least privilege. Any threat that isn’t prevented by locking down the application’s behavior will be picked up by Carbon Black’s Streaming Prevention – a next-gen threat detection technology that uses event stream processing to correlate multiple events over time to indicate the presence of a threat. Users will  see threat activity in real time, visualize the attack chain to see exactly what attackers are trying to do, and respond immediately to shut down attacks in progress.

Automating and Orchestrating Response: Once a threat is identified, the solution will allow for the full understanding of application context during investigation, and again, will use the virtual infrastructure to deliver a library of responses, ranging from suspending or snapshotting a VM, to quarantining the compromised machine and performing forensic analysis.

“CISOs understand that decreasing the attack surface is synonymous with risk reduction, but many organizations don’t have the resources to assess, plan, deploy and operate application controls,” said Jon Oltsik, senior principal analyst and the founder of ESG’s cybersecurity service. “AppDefense applies machine learning algorithms to alleviate this operational burden while delivering the risk-mitigating goodness of least privilege. Through this new joint solution from Carbon Black and VMware, the companies will be able to provide customers with Cb Defense to detect and respond to application threats that may evade least privilege.”

“Cloud and virtualization provides enterprises with new security opportunities that go beyond traditional approaches,” said Patrick Morley, CEO of Carbon Black. “Carbon Black and VMware are uniquely capable of moving beyond point security solutions to give enterprises a more robust and holistic approach to securing mission critical applications running in the data center. We are looking forward to the opportunity to help businesses around the world running more than 60 million VMs achieve the highest levels of security.”

“Carbon Black and VMware will deliver a new model for security that marries complementary components, combined in ways that fully leverage the unique properties of virtualization and cloud to help protect organizations that was previously not possible,” said Tom Corn, senior vice president, Security Products at VMware. “With this new joint solution, data center endpoints can be strengthened with system integrity and least privilege, critical applications and data are safe from both non-malware and malware attacks and Security Operations will be empowered to react faster and more effectively than before.”

The new joint solution will be generally available from Carbon Black in VMware’s Q4 FY 2018, which ends on February 3, 2018. Customers can learn more about this joint solution by clicking here. VMware and Carbon Black will be launching a 15-city tour to give enterprises an opportunity to learn firsthand how the new solution protects their virtual datacenter infrastructure. Sign up to be notified of dates and locations here.

 

Resources Section:

 

About Carbon Black

Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Predictive Security Cloud provides advanced protection for more than 14 million endpoints across 3,300 customers, including 31 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks. For more information, please visit www.carbonblack.com or follow us on Twitter at @CarbonBlack_Inc.

About VMware

VMware, a global leader in cloud infrastructure and business mobility, helps customers realize possibilities by accelerating their digital transformation journeys. With VMware solutions, organizations are improving business agility by modernizing data centers and integrating public clouds, driving innovation with modern apps, creating exceptional experiences by empowering the digital workspace, and safeguarding customer trust by transforming security. With 2016 revenue of $7.09 billion, VMware is headquartered in Palo Alto, CA and has over 500,000 customers and 75,000 partners worldwide.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.