VMware Carbon Black Cloud Endpoint

Additional Info

Company size (employees)10,000 or more
Headquarters RegionNorth America
Type of solutionSoftware


Most of today’s cyberattacks feature advanced tactics such as lateral movement and island hopping that target legitimate tools to inflict damage. VMware Carbon Black Endpoint features cloud-native endpoint security that thwarts attacks by analyzing billions of system events to understand what is normal in a customer’s environment, prevent attackers from abusing legitimate tools, and automate investigation workflow so that customers can respond efficiently.

As a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution with an easy-to-manage, cloud-native EPPs, VMware Carbon Black Endpoint combines prevention and automated detection to defend from today’s advanced cyberattacks and distributed endpoints. Integration with VMware’s Carbon Black Cloud universal agent and console means customers can consolidate endpoint agents and manage all prevention needs through a unified platform, delivering breakthrough prevention.

By going beyond just collecting data around malicious behavior, VMware Carbon Black Endpoint redefines traditional endpoint security and continuously gathers endpoint activity data to build a comprehensive dataset to analyze. The solution applies behavioral analytics to endpoint events to streamline detection, prevention and response to cyberattacks – empowering customers to protect their organization and contextualize threats.

VMware Carbon Black is powered by VMware Contexa, a full-fidelity threat intelligence cloud that records and processes over 1.5 trillion endpoint events and over 10 billion network flows daily, along with strategically curated threat intelligence data captured through technology partnerships. Today, VMware Contexa uncovers over 2.2 billion suspicious behaviors daily, achieving zero touch detection and automated, graduated response for over 80 percent of these events. VMware Contexa sees what other solutions don’t and stops what other solutions can’t.

Jeremy Wilkins, Security Technology Administrator, OFS, said: “Our time to value was almost instantaneous. I’m spending less time tracking down false positives and spending more time triaging and acting on threats.”

How we are different

● Multilevel protection to combat traditional endpoint security vulnerabilities: Most cyberattacks encompass tactics including lateral movement, island hopping and ransomware. Advanced hacking capabilities and services for sale on the dark web compound the issue. VMware Carbon Black Endpoint thwarts attacks by employing multiple protection layers, including file reputation and heuristics, machine learning, and behavioral models to analyze endpoint activity and block malicious behavior. This prevents attacks before they reach critical systems. Flexible behavioral prevention policies make protection easily tailorable to customers’ distinct needs.
● Simplified security stack meets easy-to-use cloud native platform: VMware Carbon Black Endpoint consolidates multiple endpoint security capabilities using one endpoint agent and console. Minimizing incident response downtime and returning critical CPU cycles back to the business, VMware helps customers free up resources with an easy-to-use cloud platform for fast integration into existing systems. VMware Carbon Black Endpoint offers comprehensive prevention and endpoint activity analysis, and enables customers to better operationalize security to make more effective use of resources.
● Prioritized alerts, attack chain visualizations, and in-product response capabilities: Customers save money and reduce time investigating and responding to incidents with VMware Carbon Black Endpoint. While other endpoint security products only collect a dataset related to what is known to be bad, VMware Carbon Black Endpoint continuously collects endpoint activity data because attackers intentionally try to look normal to hide their attacks. With visibility into the entire attack chain and endpoint activity analysis, VMware eliminates the time customers would normally spend on tracking down which systems were affected and when. Remote response capabilities allow customers to minimize downtime to endpoints and instantly roll back attacks straight from the console with remote response capabilities. VMware customers also benefit from insights into the latest attacks and remediation tips from the VMware Threat Analysis Unit and industry peers.