Carbon Black EDR

Solution Overview
VMware Carbon Black EDR is an advanced threat hunting and incident response solution delivering continuous visibility for top security operations centers (SOCs) and incident response (IR) teams. Carbon Black EDR is delivered through the VMware Carbon Black Cloud, a next-generation endpoint protection platform that consolidates security in the cloud using a single agent, console and dataset.

Using data continuously collected and sent to the VMware Carbon Black Cloud, Carbon Black EDR provides immediate access to the most complete picture of an attack at all times, reducing lengthy investigations from days to minutes. This empowers teams to proactively hunt for threats, uncover suspicious behavior, disrupt active attacks and address gaps in defenses before attackers can.

Along with continuous visibility, Carbon Black EDR gives you the power to respond and remediate in real time, stopping active attacks and repairing damage quickly.

Goals & Objectives

This scheduled lab environment provides an overview of the features and functionality of VMware's Carbon Black EDR platform. It shows how the solution can be used for threat hunting, incident response, alert validation and triage, root cause analysis, forensic investigations, host isolation and remote remediation.

Learn about the benefits this solution provides:

  • Reduced complexity for more efficient endpoint security
  • Easy deployment, automated updates, and elastic scalability
  • Accelerated investigations with continuous endpoint visibility
  • Complete understanding of root cause to close existing gaps
  • Secure remote access for investigations
  • Greatly reduced dwell time and average time to resolution

Hardware & Software

This lab consists of the following hardware and software:

  • VMware Carbon Black EDR

Server Devices
  • 1x Windows Jumphost (Windows Server 2016).
  • 1x Generic Server (Windows Server 2012).
  • 1x Generic Server (Windows Server 2016).
  • 1x Generic Server (Red Hat Enterprise Linux 7).
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).

Client Devices
  • 1x Attack Client (Windows 10 Enterprise).
  • 1x Generic Client (Windows 7 Enterprise).
  • 1x Attack Host (Kali Linux 2018).