VMware, a top provider of cloud and virtualization software, has announced significant advancements in its Carbon Black Extended Detection and Response (XDR) strategy, specifically targeting cloud native applications. The company's new offering, Cloud Native Detection and Response (CNDR), aims to provide VMware Carbon Black customers with unified visibility, security, and control in highly dynamic and complex modern application environments.
The popularity of containers and Kubernetes has been on the rise, becoming integral to the modern application transformation as organizations adopt multi-cloud and hybrid technology infrastructures. However, the growing adoption of cloud native architectures and containers also expands an organization's attack surface, presenting new challenges for Security Operations Center (SOC) teams.
With CNDR capabilities, VMware Carbon Black aims to enhance its leading XDR solution by delivering advanced threat detection for containers and Kubernetes within a single, unified platform. The new features aim to provide runtime protection for Linux containers, offering a scalable approach to safeguard applications from emerging threats and eliminating blind spots for attackers to exploit.
Jason Rolleston, vice president and general manager of VMware Carbon Black, highlighted the critical need for security visibility and control that spans the entire application lifecycle, without requiring security teams to be experts in containers and Kubernetes. “The rise of containers, and often the resulting lack of visibility and limited control security teams have, has created a perfect storm for attackers to target cloud native applications as a means of entry into an enterprise,” said Rolleston. “In order for security teams to keep up, it’s critical that organizations have security visibility and control that spans the entire application lifecycle and does not require them to be experts in containers and Kubernetes. With our advanced CNDR solution, VMware Carbon Black is the only partner that delivers threat detection and response from a single console across endpoints, workloads, and containers.”
The Enhanced Cloud Native Detection and Response in VMware Carbon Black brings several benefits to SOC teams and incident responders:
Enhanced visibility: VMware Carbon Black continuously monitors processes running in both container and Kubernetes environments, displaying alerts in the familiar Carbon Black console, thus seamlessly integrating with existing workflows.
Context and historical data: Containers' ephemeral nature makes it challenging to obtain historical data on previous anomalies detected in a container that no longer exists. Carbon Black addresses this by keeping historical data in the cloud, enabling security teams to analyze alerts from previously existing containers.
Simple alert triaging: Security analysts gain insights into the steps attackers might have taken in any given environment, with enhanced visibility into events originating from specific containers or Kubernetes nodes.
VMware expects the CNDR capabilities for containers and Kubernetes to be available within the next six months, building on their vision for protection, detection, and response with accelerated deployment and easier adoption.