Today, Security Operations Center (SOC) teams are understaffed and overwhelmed by cyberattacks that are increasing in both volume and sophistication. Amid the rapidly evolving threat landscape, security teams are spending too much time monitoring and validating alerts instead of gaining visibility and an understanding of the threats in their environment. A new VMware Carbon Black Cloud capability helps fill the gaps of understaffed security teams by providing 24/7/365 monitoring, alert triage, and threat analyst guidance on policy changes as well as assistance with threat containment in the event of an incident.
Introducing Managed Detection and Response for Endpoints and Workloads
VMware Carbon Black Cloud Managed Detection and Response (MDR) for endpoints and workloads provides critical insight into attacks along with recommendations for policy changes customers can make to remediate the threat. VMware Carbon Black Cloud MDR, supported by a world-class team of security experts, helps enterprises respond more quickly to cyberattacks. Our analysts monitor and analyze the data for our MDR customers in the VMware Carbon Black Cloud using advanced machine learning and algorithmic tool sets.
“As the threat surface expands and cyberattacks become increasingly destructive, our customers require a strong security posture that can be realized at speed,” said Kal De, vice president and general manager of VMware’s Security Business Unit. “VMware’s mission is to enable our customers to have the security required for the threats of today and tomorrow. Our MDR offering provides customers with the threat intelligence and the guidance required to help reduce the overall risk of security incidents.”
The new offering will provide security and IT teams with increased visibility and faster incident response, helping to reduce SOC staffing pressures and freeing up time for the security team to proactively hunt threats to better protect their organizations.
Threat Analyst Support to Stay One Step Ahead of Attackers
VMware analysts monitor MDR customer environments around the clock to protect the organization and provide critical threat intelligence. They can notify customer IT and security teams of threats via email and provide specific policy changes to address each threat via the VMware Carbon Black Cloud. In addition, analysts are available to provide customers with incident remediation guidance and assist with threat containment during an incident.
“We have over a million licensed endpoints on managed detection today and are exposed to different attacks across every vector, whereas an analyst sitting in a single SOC for an enterprise may not come across the same breadth and depth of threats,” said Taree Reardon, manager of MDR at VMware. “We’re able to give customers increased visibility into their environment because we can layer on that threat expertise which allows our analysts to identify and contain threats more quickly. By handling the first level of triage, this helps to reduce staffing pressures.”
As organizations defend against increasingly sophisticated and destructive attacks, VMware Carbon Black Cloud MDR will help bolster threat intelligence, expand incident response support, and provide expert alert triage and containment to reduce the time spent on an investigation. An example of the real-time analysis that supports VMware’s MDR offering is demonstrated in the dissection of the BlueKeep Windows exploit by VMware security experts. Providing this level of critical insight through VMware’s MDR offering opens up resources for SOC teams to focus on strategic initiatives and proactive threat hunting to better defend against cyberattacks.
VMware Carbon Black Cloud MDR is now available. For more information, please visit our MDR product page.