VMware continues to develop its Carbon Black strategy with Cloud Native Detection and Response, a new native Detection and Response feature. Containers and Kubernetes have taken on a critical role in the transformation of modern applications. Because more and more organizations they adopt hybrid and multi-cloud technological infrastructures.
The attack surface expands
However, the growth of cloud native and container architectures also expands organizations’ attack surface. Security Operations Center (SOC) teams, in addition to having to deal with the complexities of cloud native environments, must deal with containers in production that have limited or non-existent security coverage. Heterogeneous tools that generate coverage gaps and limited visibility into the different layers of these applications.
VMware Carbon Black
The new CNDR features of VMware Carbon Black expand the already consolidated XDR solution offering a better detection of container and Kubernetes threats within a single, unified platform. These enhancements aim to provide runtime protection for Linux containers, ensuring a scalable approach to protecting applications from emerging threats and helping eliminate blind spots that attackers can exploit.
Threat detection and response in a single console
Jason Rolleston, Vicepresidente e General Manager di VMware Carbon Black
The rise of containers, and often the subsequent one lack of visibility and limited control by security teams, have created a perfect storm for attackers targeting cloud-native applications as a means of accessing the enterprise.For security teams to stay ahead, it is essential that organizations have security visibility and control that spans the entire application lifecycle, without requiring specialization in containers and Kubernetes. With our advanced CNDR solution, VMware Carbon Black is the only partner that can provide threat detection and response from a single console that spans endpoints, workloads and containers.
From VMware Carbon Black the Detection and Response functionality
VMware Carbon Black’s Cloud Native Detection and Response brings new capabilities to security teams and incident responders. In fact, SOC teams benefit from:
Improved visibility: you can’t stop what you can’t see. VMware Carbon Black monitor processes running in container and Kubernetes environments. These processes and any alerts are displayed in the familiar Carbon Black console and aim to integrate into customers’ existing workflows.
Also retain historical data
Context and historical data. Due to the ephemeral nature of containers, it can be difficult to obtain historical data on any anomalies previous ones detected in a container that no longer exists. Carbon Black stores this historical data in the cloud and allows security teams to analyze alerts from previously existing containers.
Simplifying alert triage. Security analysts can understand the steps an attacker may have taken in a given environment. And this is possible by obtaining greater visibility into events coming from specific containers or Kubernetes nodes.