VMware Carbon Black Cloud

Additional Info

Company size (employees)5,000 to 9,999
Type of solutionSoftware


Ransomware is proving effective, pervasive and profitable and it continues to be a dominant factor in today’s modern threat landscape. VMware Carbon Black Cloud offers a number of ways to protect against ransomware in real time. These methods provide visibility into, detection of, and blocking of ransomware attacks along the kill chain. They include monitoring for malicious signatures, advanced detections, machine learning, and behavioral analysis. In a recent 90-day period, VMware Carbon Black Cloud stopped more than 1.1 million ransomware attacks.

VMware Carbon Black Cloud provides all these capabilities with a single, lightweight endpoint sensor and a single console UI without scheduled scans by monitoring the activity of all binary executions in real time. VMware Carbon Black Cloud detects and blocks ransomware and other more advanced attacks without impacting the performance of the endpoint. With VMware Carbon Black Cloud, organizations maintain visibility, protection and control over their employees’ endpoints, even if they are disconnected from the corporate network.

In addition to protecting the endpoint, VMware Carbon Black Cloud can also detect known malicious IP addresses and trigger an alert to give the indication that an attack is underway. The known malicious URLs or IP addresses can be identified using out-of-the-box threat intelligence from VMware Carbon Black Cloud, or organizations can ingest their own threat feed into VMware Carbon Black Cloud.

Actions to prevent ransomware taken in the VMware Carbon Black Cloud UI can also be taken by leveraging the API. The VMware Carbon Black Cloud API is a robust, open,two-way API that allows security teams to script remedial actions, create automation, and leverage other VMware products and third-party integrations.

VMware Carbon Black Cloud Workload delivers advanced protection purpose-built for securing modern and traditional workloads to reduce attack surface and strengthen security postures. This innovative solution combines prioritized vulnerability reporting and foundational workload hardening with industry-leading prevention, detection and response capabilities to protect workloads running in virtualized, private and hybrid cloud environments.

Tightly integrated with VMware vSphere, VMware Carbon Black Cloud Workload provides agentless security that alleviates installation and management overhead and consolidates the collection of telemetry for multiple workload security use cases. This unified cloud workload protection (CWP) solution enables security and infrastructure teams to automatically secure new and existing workloads across all phases of the workload lifecycle, while simplifying operations and consolidating the IT and security stack.

Matt Berry, principal security advisor, global financials, World Wide Technology stated: “The interface of VMware Carbon Black Cloud Workload allows security and operations teams to look at the same information without forcing them to use the same pane of glass and potentially lose functionality. Now we have shared data that we can start working together as a team to resolve challenges.”

VMware Carbon Black Cloud Workload delivers security as a built-in distributed service, helps customers scale response with confidence, speed, and accuracy, and breaks down siloes on the journey to Zero Trust.

How we are different

High-fidelity, behavior-based detections: VMware Carbon Black Cloud integrates with the Microsoft Antimalware Scan Interface (AMSI) to leverage high-fidelity, behavior-based detections created by the VMware Threat Analysis Unit to block ransomware in its tracks by detecting the exploit kits commonly used by strains of ransomware, such as Cobalt Strike, PowerShell Empire, and Metasploit. By detecting these exploit kits, VMware Carbon Black Cloud can shut down the ransomware attack before it is able to do any damage.
Machine learning technology: VMware Carbon Black Cloud uses machine learning to conduct static analysis of the binary to determine if it is suspected to be malware. This static analysis looks at the metadata embedded in the binary as well as human-readable strings for indicators that it is malicious. If the binary is judged to be suspected malware, it can be blocked through policy.
Deletion of known malware: VMware Carbon Black Cloud can automatically delete known malware in a configurable window of one day to four months. This known malware will not be allowed to execute before it is deleted according to policy. This window is to help security teams ensure that false positives are not being deleted. VMware Carbon Black Cloud classifies malicious activity by MITRE ATT&CK technique IDs (TIDs). It also generates an alert visualization to help quickly understand the scope of the attack, establish the root cause, and prioritize response.

Find the right vulnerabilities: It’s not about finding the most vulnerabilities – it’s about finding the right ones. VMware Carbon Black Cloud Workload helps security and infrastructure teams focus on the most high-risk vulnerabilities and common exploits across their environments. Customers can prioritize vulnerabilities based on a combination of the Common Vulnerability Scoring System (CVSS), real-life exploitability and frequency of attack and increase patching efficiency with best-in-class prioritization. This eliminates the need for resource-heavy scans, with no additional administrative overhead or setup.

Visibility into traditionally hard-to-secure areas: Security teams often lack visibility and control in highly dynamic virtualized data center environments. VMware Carbon Black Cloud Workload protects workloads running in these environments by combining foundational vulnerability assessment and workload hardening with industry leading next-generation antivirus (NGAV), workload behavioral monitoring, and endpoint detection and response (EDR) for workloads. With advanced workload protection from VMware Carbon Black, the security team can analyze attacker behavior patterns over time to detect and stop never-seen before attacks, including those manipulating known-good software. If an attacker bypasses perimeter defenses, VMware Carbon Black Cloud Workload empowers security teams to shut down the attack before it escalates to a data breach.