Security and IT teams have recently been facing a tidal wave of highly publicized breaches stemming from unpatched vulnerabilities, such as the attacks originating from a zero-day Windows printer spooler vulnerability dubbed ‘PrintNightmare’ (CVE-2021-34527). These software vulnerabilities are a major threat vector that security teams need to address. VMware is excited to announce the launch of the vulnerability management module for VMware Carbon Black Cloud Endpoint. By adding vulnerability management to VMware Carbon Black Cloud Endpoint, customers can further streamline and consolidate key security functionality into a single cloud-native agent and console.
VMware’s new offering delivers risk prioritization and increased visibility so security teams can focus on exploitable vulnerabilities.
“In the first half of 2021, we’ve well surpassed the number of zero-days exploited than were seen in all of 2020. Vulnerability management must be a core functionality for security teams as they fight back against an onslaught of attacks. Our vulnerability management module allows defenders to easily prioritize which vulnerabilities are considered critical, all within one single platform,” said Scott Lundgren, CTO, Security Business Unit, VMware.
Organizations can now monitor their Windows and Linux endpoints for OS and application vulnerabilities and prioritize remediation based on the risk of exploit.
By leveraging the existing lightweight VMware Carbon Black Cloud Endpoint sensor to collect application and OS data and combining it in the cloud with Kenna Security’s enriched vulnerability insights and risk scores, customers can reduce the system impacts and manual efforts associated with point-in-time vulnerability scans and manage their vulnerabilities in an ongoing fashion alongside their other day-to-day security tasks. The vulnerability management module helps security teams understand the current state of endpoint vulnerabilities within the VMware Carbon Black Cloud console so they can act quickly and with context in the event of an attack. The increased visibility proactively reduces the attack surface because organizations can better identify vulnerabilities and harden endpoints before a vulnerability is exploited.
It’s important to note how increased visibility is achieved. Traditionally, legacy vulnerability vendors would perform a scan on the endpoint itself, creating resource overhead. Because of this overhead, customers had to schedule time (usually once a month or quarter) to perform the scan during downtime. This meant more planning and less frequent data updates. With this new offering, VMware Carbon Black Cloud not only offloads the overhead from the endpoint to the cloud, but it automatically updates vulnerability data every 24 hours. This scanless approach to vulnerability management eliminates the need to plan for downtime before scanning and automatically provides up-to-the-minute vulnerability information. This new offering extends VMware’s existing partnership with Kenna Security to provide dynamic risk scoring and prioritization for endpoint vulnerabilities without the need to rely on scanner data alone.
Within the VMware Carbon Black Cloud, users see a prioritized list of CVEs (Common Vulnerabilities and Exposures) that is updated through no-touch, incredibly low-impact data collection. VMware’s partnership with Kenna Security enables the integration of Kenna’s unique data science-based approach to risk prioritization.
“Modern vulnerability management requires visibility, accuracy, and velocity to achieve successful outcomes. Extending our partnership with VMware Carbon Black Cloud from their workload offering to their endpoint offering will arm security teams with visibility into the vulnerabilities in their endpoints, accurate data science-based risk scoring, all at the speed required for businesses to prioritize the right actions at the right time and meaningfully reduce the risk for their organizations,” said Ed Bells, CTO and Co-Founder, Kenna Security, a Cisco Company.
This new offering enables risk-based vulnerability management to be built into one single agent and delivered with the standard VMware Carbon Black Cloud sensor at no additional overhead cost. By focusing on intelligent risk scores that go beyond the industry standard of CVSS and indicate real-world exploits of vulnerabilities, security teams can reduce the number of noisy alerts and false positives and spend time remediating vulnerabilities that create real risk in their environments. This allows organizations to better identify the true risk of every endpoint, with easy-to-understand risk scores and detailed intelligence. Meanwhile, security teams can focus on the vulnerabilities that matter, remediate them faster, and adopt a proactive security posture focused on protecting against emerging threats.
Carbon Black, a provider of next-generation endpoint security delivered via the cloud, announces that it delivered zero delayed detections and zero tainted detections in the MITRE Corporation’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) assessment. The MITRE assessment tests the ability to quickly detect specific adversary tactics and techniques as captured in the ATT&CK knowledgebase. The evaluations for this initial testing period used a MITRE-developed APT3 emulation plan on behavior detection, telemetry and enrichment, among other elements. In the assessment, CB Response demonstrated it could automatically detect and display adversarial behaviours without humans-in-the-loop across the entire MITRE ATT&CK Matrix, which includes: initial access, execution, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control.
“We’re proud to be among the initial vendors evaluated by MITRE and we’re extremely proud of these results. We attribute our very strong showing to our philosophy of building products the right way for the long haul,” said Scott Lundgren, Carbon Black’s Chief Technology Officer. “Objective, transparent and open testing is critical as a means of driving the industry forward, and the MITRE ATT&CK framework offers a critical look at how real-world attacks play out. We believe MITRE has set an excellent standard for how testing should be conducted in an open, rigorous, and sophisticated way. We thank MITRE for its leadership.”
“We’re very pleased with the participation in our first round of ATT&CK-based evaluations,” said Frank Duff, MITRE lead engineer for the evaluations program. “Effective cybersecurity can’t be done alone.
We look forward to continued collaboration with the industry to help vendors understand their capabilities against known adversary behaviors and empower customers to more effectively buy and deploy these security solutions.”
In conjunction with the assessment results, Carbon Black announced it has added MITRE ATT&CK threat intelligence feeds to CB Response and CB ThreatHunter to deliver new behavior-based threat intelligence to customers. Carbon Black’s MITRE ATT&CK feeds combine the power of Carbon Black’s unfiltered endpoint data collection and a robust collection of adversary techniques to simplify threat detection and threat hunting.
The new threat feeds map directly to the various attack tactics outlined by MITRE. “By adding ATT&CK threat intelligence feeds to Cb Response and Cb ThreatHunter, organizations now have an unfiltered view into all endpoint activity viewed through the lens of attack building blocks and behaviours noted by MITRE. We believe this results in more comprehensive and advanced threat hunting capabilities for security professionals,” said Lundgren. “The ATT&CK threat intelligence feeds directly integrate detection of ATT&CK tactics and techniques into the CB Response and CB ThreatHunter products, underscoring Carbon Black’s commitment to ATT&CK and other open standards and frameworks.”