VMware, Carbon Black Tap Apps' Behavioral Data To Stop Security Attacks
VMware and endpoint security firm Carbon Black are collaborating on a new security solution that aims to analyze historical application data to protect datacenters against unknown threats.
The new solution, announced late last week, will become generally available by February 2018. It essentially combines elements of AppDefense, the relatively new application-whitelisting product from VMware, and Cb Defense, Carbon Black's cloud-based anti-virus solution. The resulting product will be a "total endpoint security" solution for software-defined datacenters, according to a blog post by Tom Barsi, senior vice president of business development at Carbon Black.
"This new solution provides an unprecedented level of security for applications running on VMware and will help businesses around the world (who are running more than 60 million virtual machines) achieve the highest levels of security," Barsi wrote. "It is also the industry's first security solution that fully leverages the unique properties of virtualization plus streaming prevention to prevent, detect and respond to advanced threats."
The new solution -- so far, neither company has revealed its official name in press materials -- will take a three-pronged approach to protecting applications inside the datacenter. First, it will establish and enforce "known good application behavior." Tapping AppDefense's whitelisting capabilities, the joint solution will be able to identify how a given organization's endpoints behave when they're secure and healthy. This intelligence includes being able to distinguish between endpoint changes that are legitimate and which are cause for suspicion.
Second, the solution will analyze an applications' historical behaviors to root out suspicious activities. "The solution will leverage application context to perform advanced behavioral threat detection to provide additional protection beyond least privilege. Any threat that isn't prevented by locking down the application's behavior will be picked up by Carbon Black's Streaming Prevention -- a next-gen threat detection technology that uses event stream processing to correlate multiple events over time to indicate the presence of a threat," Barsi wrote.
Third, the solution will allow users to automate their responses to attacks, whether it's taking a snapshot of an affected instance, or quarantining or suspending a compromised virtual machine.
The new joint offering represents an expansion of VMware's existing partnership with Carbon Black that allows AppDefense users to access Carbon Black's security platform, Predictive Security Cloud.
To promote their new offering, VMware and Carbon Black are embarking on a 15-city roadshow to give businesses a chance to test-drive the solution in person. Information on cities and dates is available on this page with sign-up. More information on the solution itself is available here.