Today, we are excited to announce the launch of VMware Data Retention for VMware Carbon Black Cloud. This new offering enables organizations to retain their event data for an additional 60, 90, or 180 days. VMware’s vision is to create a flexible automated platform that is fit for any purpose, therefore enabling organizations who face increased complexity across their security stack to maintain historical data to respond effectively to any breach.
On average, it takes 150 days to identify and respond to a breach. Whether you are proactively or retroactively looking to identify and respond to a threat, or even conduct a post-incident investigation, long-term data can be the missing key. Without long-term data, you can lose the root cause, making it difficult to build a stronger cyber defense for the future. There are many examples that highlight why it is critical to have a longer period that allows security teams to look back and investigate events and IOCs in the environment.
When a breach happens, organizations must be able to answer the following questions:
- How were we breached and what was the root cause?
- Did the threat actor persist in my environment?
- Has there been lateral movement? What is the extent of the damage?
VMware Data Retention is delivered as a platform add-on to the VMware Carbon Black Cloud, a next-generation endpoint, workload, and container protection platform that consolidates security in the cloud using a single agent, console, and data set.
Using data continuously collected and sent to the VMware Carbon Black Cloud, both Next Generation Anti-Virus (NGAV) and Enterprise Endpoint Detection and Response (EDR) modules always provide immediate access to the most complete picture of an attack, reducing lengthy investigations from days to minutes. With VMware Data Retention, enterprises now have a longer time to analyze and utilize their data. This will empower teams to proactively hunt for threats, uncover suspicious behavior, disrupt active attacks and address gaps in defenses before attackers can.
VMware Data Retention for VMware Carbon Black Cloud will provide organizations with access to all the relevant data to:
Investigate with speed and accuracy
Organizations will now have access to the right data at the right time to drive down the mean time to resolution (MTTR). Having context and visibility for an increased period of time gives security teams greater ability to rewind the tape and understand the entire attack chain. This enables security analysts to investigate the entire attack and answer the key questions around what happened, where it happened, and how to resolve it quickly.
Increase confidence for threat hunting
Leveraging the attack chain visualization in the Enterprise EDR module on the VMware Carbon Black Cloud, organizations can perform historical threat hunts on specific Indicators of Compromise (IOCs) and MITRE-based Tactics, Techniques and Procedures (TTPs) across the entire environment.
Compliance regulations that have data retention and audit policies may require organizations to keep event data for an increased period. You can be ready for audits including HIPAA, NIST, PCI DSS and many more by leveraging VMware Data Retention for VMware Carbon Black Cloud.