
Carbon Black

Overview

Carbon Black is a cybersecurity software platform designed primarily for endpoint protection, meaning it helps protect devices like laptops, desktops, and servers from malware, ransomware, and other threats.

It was originally developed by Carbon Black, Inc., which was acquired by VMware in 2019. Since then it has been sold as part of VMware's security portfolio under the name VMware Carbon Black. (VMware itself was acquired by Broadcom in late 2023, so current product branding may differ from the names used below.)

Here’s what it does in a nutshell:

Main Purpose

Carbon Black provides:

  • Endpoint Detection and Response (EDR):

    • Continuously records activity on endpoints.
    • Lets security teams hunt for threats, detect suspicious behaviors, and investigate incidents.
  • Next-Gen Antivirus:

    • Uses machine learning, behavioral analysis, and cloud threat intelligence rather than relying only on traditional signature matching.
  • Managed Threat Hunting:

    • Some editions include expert teams monitoring customer environments for advanced threats.

Key Capabilities

  • Real-Time Visibility:

    • See exactly what’s happening on every endpoint (process executions, file modifications, network connections).
  • Behavioral Analysis:

    • Detects malicious activity based on how processes behave (e.g., ransomware encrypting files quickly).
  • Prevention and Control:

    • Blocks known malware by reputation and signature, and unknown malware through behavioral and machine-learning prevention policies.
    • Can isolate a compromised endpoint from the network and quarantine malicious files.
  • Threat Hunting and Forensics:

    • Security analysts can replay historical endpoint activity to understand attacks.
  • Cloud-Based Management:

    • Centralized console for visibility and control.
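The EDR and Key Capabilities sections above describe three things a sensor platform does: record process, file and network events per endpoint; flag malicious behavior from how processes act (for example a process rewriting many files very quickly, or an Office application spawning a shell); and let an analyst replay the lineage behind an alert. The following is an added illustration written for this page, not Carbon Black's own code or API. The event records are constructed to mimic the kind of telemetry an EDR sensor records, and the field names, rule names and thresholds are assumptions chosen for the example.

```python
"""Toy behavioral detector and lineage replay over constructed endpoint telemetry.

Added example, not Carbon Black code. The EVENTS list below is constructed to
look like a per-endpoint event stream (process starts, file renames, network
connections); field names and thresholds are assumptions for illustration.
"""
from collections import defaultdict

# Constructed sample telemetry (not real sensor output). "t" is seconds since boot.
EVENTS = [
    {"t": 0.0, "type": "process", "pid": 100, "ppid": 1,   "name": "explorer.exe",   "cmdline": "explorer.exe"},
    {"t": 1.0, "type": "process", "pid": 200, "ppid": 100, "name": "winword.exe",    "cmdline": "winword.exe invoice.docm"},
    {"t": 2.0, "type": "process", "pid": 300, "ppid": 200, "name": "powershell.exe", "cmdline": "powershell.exe -nop -w hidden -enc AAAA"},  # placeholder encoded command
    {"t": 2.5, "type": "network", "pid": 300, "dst": "203.0.113.7:443"},
    {"t": 3.0, "type": "process", "pid": 400, "ppid": 300, "name": "svc.exe",        "cmdline": "svc.exe"},
]
# pid 400 renames 60 documents in about 1.2 seconds: ransomware-like behavior.
EVENTS += [
    {"t": 3.0 + i * 0.02, "type": "file", "pid": 400,
     "path": f"C:\\Users\\a\\Docs\\f{i}.docx", "new_path": f"C:\\Users\\a\\Docs\\f{i}.docx.locked"}
    for i in range(60)
]
# pid 100 also renames files, but slowly (one per second): should not fire.
EVENTS += [
    {"t": 20.0 + i, "type": "file", "pid": 100,
     "path": f"C:\\Users\\a\\cache\\c{i}.tmp", "new_path": f"C:\\Users\\a\\cache\\c{i}.dat"}
    for i in range(20)
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def build_process_index(events):
    """Index process-start events by pid so lineage can be walked later."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def lineage(procs, pid):
    """Return process names from the given pid up to the root: [child, parent, ...]."""
    chain = []
    while pid in procs:
        chain.append(procs[pid]["name"])
        pid = procs[pid]["ppid"]
    return chain


def detect_office_spawning_shell(procs):
    """Parent/child rule: an Office application launching a scripting shell."""
    hits = []
    for p in procs.values():
        parent = procs.get(p["ppid"])
        if parent and parent["name"] in OFFICE_APPS and p["name"] in SHELLS:
            hits.append(p["pid"])
    return hits


def detect_rapid_rename(events, window=5.0, min_renames=50):
    """Rate rule: flag a pid that renames >= min_renames files inside any window."""
    times_by_pid = defaultdict(list)
    for e in events:
        if e["type"] == "file" and e.get("new_path"):
            times_by_pid[e["pid"]].append(e["t"])
    hits = []
    for pid, times in times_by_pid.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_renames:
                hits.append(pid)
                break
    return hits


def triage(events):
    """Run both rules and attach the lineage and network activity an analyst would replay."""
    procs = build_process_index(events)
    net = defaultdict(list)
    for e in events:
        if e["type"] == "network":
            net[e["pid"]].append(e["dst"])
    alerts = []
    for pid in detect_office_spawning_shell(procs):
        alerts.append({"rule": "office_spawns_shell", "pid": pid,
                       "lineage": lineage(procs, pid), "network": net[pid]})
    for pid in detect_rapid_rename(events):
        alerts.append({"rule": "rapid_file_rename", "pid": pid,
                       "lineage": lineage(procs, pid), "network": net[pid]})
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

The rate rule deliberately counts renames rather than raw writes, and uses a sliding window so a slow background process that touches many files over minutes does not trip it; the parent/child rule fires on the lineage alone, which is why recording every process start (not just the ones that look malicious) matters for later investigation.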

Product Variants

Carbon Black comes in several products and bundles, including:

  • CB Defense: Next-gen antivirus and EDR (later renamed Carbon Black Cloud Endpoint Standard).
  • CB Response: Focused EDR solution with historical data collection and live response (later renamed Carbon Black EDR).
  • CB LiveOps: Query and remediate endpoints in real time using osquery-based queries (later renamed Audit and Remediation).
  • Carbon Black Cloud: Unified platform combining prevention, detection, and response in the cloud.

Use Cases

Organizations use Carbon Black to:

  • Protect against malware, ransomware, and fileless attacks.
  • Investigate and respond to security incidents quickly.
  • Meet compliance requirements for endpoint security.
  • Hunt for sophisticated threats across the environment.