Today, Security Operations Center (SOC) teams are understaffed and overwhelmed
by cyberattacks that are increasing in both volume and sophistication.
Amid the rapidly evolving threat landscape, security teams are spending
too much time monitoring and validating alerts instead of gaining
visibility and an understanding of the threats in their environment. A
new VMware Carbon Black Cloud capability helps fill the gaps of
understaffed security teams by providing 24/7/365 monitoring, alert
triage, and threat analyst guidance on policy changes as well as
assistance with threat containment in the event of an incident.

Introducing Managed Detection and Response for Endpoints and Workloads

VMware Carbon Black Cloud Managed Detection and Response (MDR) for endpoints
and workloads provides critical insight into attacks along with
recommendations for policy changes customers can make to remediate the
threat. VMware Carbon Black Cloud MDR, supported by a world-class team
of security experts, helps enterprises respond more quickly to
cyberattacks. Our analysts monitor and analyze the data for our MDR
customers in the VMware Carbon Black Cloud using advanced machine
learning and algorithmic tool sets.

"As the threat surface expands and cyberattacks become increasingly
destructive, our customers require a strong security posture that can be
realized at speed," said Kal De, vice president and general manager of
VMware's Security Business Unit. "VMware's mission is to enable our
customers to have the security required for the threats of today and
tomorrow. Our MDR offering provides customers with the threat
intelligence and the guidance required to help reduce the overall risk
of security incidents."

The new offering will provide security and IT teams with increased
visibility and faster incident response, helping to reduce SOC staffing
pressures and freeing up time for the security team to proactively hunt
threats to better protect their organizations.

Threat Analyst Support to Stay One Step Ahead of Attackers

VMware analysts monitor MDR customer environments around the clock to protect
the organization and provide critical threat intelligence. They can
notify customer IT and security teams via email of threats and provide
specific policy changes to address the threat via the VMware Carbon
Black Cloud. In addition, analysts are available to provide customers
with incident remediation guidance and assist with threat containment
during an incident.

"We have over a million licensed endpoints on managed detection today and
are exposed to different attacks across every vector, whereas an analyst
sitting in a single SOC for an enterprise may not come across the same
breadth and depth of threats," said Taree Reardon, manager of MDR at
VMware. "We're able to give customers increased visibility into their
environment because we can layer on that threat expertise which allows
our analysts to identify and contain threats more quickly. By handling
the first level of triage, this helps to reduce staffing pressures."

As organizations defend against increasingly sophisticated and destructive
attacks, VMware Carbon Black Cloud MDR will help bolster threat
intelligence, expand incident response support, and provide expert alert
triage and containment to reduce the time spent on an investigation. An
example of the real-time analysis that supports VMware's MDR offering
is demonstrated in the dissection of the BlueKeep Windows exploit by
VMware security experts. Providing this level of critical insight
through VMware's MDR offering opens up resources for SOC teams to focus
on strategic initiatives and proactive threat hunting to better defend
against cyberattacks.

VMware Carbon Black Cloud MDR will be available as of December 1, 2021.