VMware, Inc. announced advancements in its Carbon Black Extended
Detection and Response (XDR) strategy focused on cloud native
applications. Cloud Native Detection and Response (CNDR) provides VMware
Carbon Black customers with unified visibility, security, and control
in highly dynamic and complex modern application environments.

Containers and Kubernetes have become synonymous with the modern
application transformation as organizations increasingly adopt
multi-cloud and hybrid technology infrastructures. However, the growth
in cloud native architectures and containers also expands an
organization's attack surface. As Security Operations Center (SOC) teams
are tasked with learning the complexities of cloud native environments,
they also are challenged with containers running in production with
limited-to-no security coverage, disparate tools that create gaps in
coverage, and limited visibility into the different layers of these
applications.

VMware Carbon Black's new CNDR capabilities expand its leading XDR
solution and are designed to deliver enhanced threat detection for
containers and Kubernetes within a single, unified platform. These
enhancements aim to deliver runtime protection for Linux containers,
providing a scalable approach for protecting applications from emerging
threats and helping eliminate blind spots that attackers could exploit.

"The rise of containers, and often the resulting lack of visibility and
limited control security teams have, has created a perfect storm for
attackers to target cloud native applications as a means of entry into
an enterprise," said Jason Rolleston, vice president and general manager
of VMware Carbon Black. "In order for security teams to keep up, it's
critical that organizations have security visibility and control that
spans the entire application lifecycle and does not require them to be
experts in containers and Kubernetes. With our advanced CNDR solution,
VMware Carbon Black is the only partner that delivers threat detection
and response from a single console across endpoints, workloads, and
containers."

Enhanced Cloud Native Detection and Response in VMware Carbon Black
delivers new capabilities for security teams and incident responders.
SOC teams benefit from:

- Enhanced visibility: You can't stop what you can't see. VMware
  Carbon Black monitors the processes running in both container and
  Kubernetes environments. These processes and any alerts are displayed in
  the familiar Carbon Black console and aim to seamlessly integrate into
  customers' existing workflows.
- Context and historical data: Due to the ephemeral nature of containers,
  it can be challenging to get historical data on any previous anomalies
  detected in a container that no longer exists. Carbon Black keeps this
  historical data in the cloud and allows security teams to analyze alerts
  from previously existing containers.
- Simple alert triaging: Security analysts can understand the steps
  that an attacker might have taken in any given environment with
  enhanced visibility into which events are coming from what container or
  Kubernetes node.

Product Availability

CNDR capabilities for containers and Kubernetes are expected to be
available within the next six months. These features build on the Carbon
Black vision for protection, detection, and response with accelerated
deployment and easier adoption.