The companies have developed a new jointly-developed solution that will shrink an organisation’s attack surface while empowering security teams with automated threat detection and remediation to react faster and more effectively to attacks. The new solution will combine VMware AppDefense and Carbon Black's Cb Defense advanced threat protection to provide a 'one-two punch' for stopping threats to applications inside the data centre.
VMware AppDefense leverages the power of the virtual infrastructure to create least-privilege environments around applications. It enforces system integrity using the hypervisor, provides visibility into the intended state and behaviour of applications, and monitors state and behaviour from a protected position. Cb Defense, running on the Predictive Security Cloud, provides a next-generation endpoint protection solution that applies behavioral approaches to detect threats. It uses streaming prevention to monitor for malicious behaviour on a machine to protect against malware and non-malware based attacks. The solution combines three key elements to advance cloud and data centre security:
Enforce known good application behaviour that leverages the virtual infrastructure, so the solution will have an authoritative understanding of how data centre endpoints are meant to behave and is the first to know when changes are made.
Detect unknown threats: the solution will leverage application context to perform advanced behavioural threat detection to provide additional protection beyond least privilege. Carbon Black’s Streaming Prevention threat detection technology that uses event stream processing to correlate multiple events over time to surface the presence of a threat.
Enforce known good application behaviour that leverages the virtual infrastructure, so the solution will have an authoritative understanding of how data centre endpoints are meant to behave and is the first to know when changes are made.
Detect unknown threats: the solution will leverage application context to perform advanced behavioural threat detection to provide additional protection beyond least privilege. Carbon Black’s Streaming Prevention threat detection technology that uses event stream processing to correlate multiple events over time to surface the presence of a threat.
Automate and orchestrate responses: Once a threat is identified, the solution will allow for the full understanding of application context during investigation, and will use the virtual infrastructure to deliver a library of responses, ranging from suspending or snapshotting a virtual machine (VM), to quarantining the compromised machine and performing forensic analysis.
“Chief information security officers (CISOs) understand that decreasing the attack surface is synonymous with risk reduction, but many organisations don’t have the resources to assess, plan, deploy and operate application controls,” said Jon Oltsik, Senior Principal Analyst and the founder of ESG’s cybersecurity service. “AppDefense applies machine learning algorithms to alleviate this operational burden while delivering the risk-mitigating goodness of least privilege. Through this new joint solution from Carbon Black and VMware, the companies will be able to provide customers with Cb Defense to detect and respond to application threats that may evade least privilege.”
“Cloud and virtualisation provides enterprises with new security opportunities that go beyond traditional approaches,” said Patrick Morley, CEO of Carbon Black. “Carbon Black and VMware are uniquely capable of moving beyond point security solutions to give enterprises a more robust and holistic approach to securing mission critical applications running in the data centre. We are looking forward to the opportunity to help businesses around the world running more than 60 million VMs achieve the highest levels of security.”
“Carbon Black and VMware will deliver a new model for security that marries complementary components, combined in ways that fully leverage the unique properties of virtualisation and cloud to help protect organizations that was previously not possible,” said Tom Corn, Senior VP, Security Products at VMware. “With this new joint solution, data centre endpoints can be strengthened with system integrity and least privilege, critical applications and data are safe from both non-malware and malware attacks and security operations will be empowered to react faster and more effectively than before.”
Details:
The new joint solution will be generally available from Carbon Black in VMware’s FYQ418, which ends on February 3, 2018.
Hashtag: #infosec
No comments:
Post a Comment