
EDR (Endpoint Detection and Response) - Next-Generation Antivirus Solution




Antivirus (AV) solutions, still widely used in many companies today, traditionally rely heavily on something called "signature matching" to identify threats to a device. AV software compares files with a known database of "bad" files. When a match is found, the file is recognized as a threat. AV software may also use heuristics – behavior-based predictions – to try to examine the behavior of a file or process, but the primary method of detection/protection is the signature database.

 

EDR (Endpoint Detection and Response) software reverses that model, relying primarily on the analysis of the behavior of what happens at the endpoint. For example, if a Word document launches a PowerShell process and executes an unknown script, that's concerning. The file will be flagged and quarantined until the validity of the process is confirmed. Not heavily relying on signature files allows EDR software to better respond to new and advanced threats.
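The contrast between the two models, as an added example (not code from Sky Express or VMware Carbon Black, and not how any product implements detection): a signature lookup and a parent/child behavior rule run over the same process-creation events. The event fields, process IDs and digests are constructed sample data, and the rule also covers the case where Word reaches PowerShell through an intermediate process.

```python
import hashlib

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed signature database: digests of known-bad files (sample values only).
KNOWN_BAD = {sha(b"constructed-known-bad-sample")}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events: (pid, parent pid, image name, file digest).
EVENTS = [
    (100, 1, "explorer.exe", sha(b"explorer")),
    (200, 100, "winword.exe", sha(b"winword")),
    (300, 200, "powershell.exe", sha(b"powershell")),  # Word -> PowerShell
    (400, 200, "cmd.exe", sha(b"cmd")),
    (410, 400, "powershell.exe", sha(b"powershell")),  # Word -> cmd -> PowerShell
    (500, 100, "powershell.exe", sha(b"powershell")),  # user opened a console
    (600, 100, "dropper.exe", sha(b"constructed-known-bad-sample")),
]

def signature_hit(event) -> bool:
    """AV model: flag only when the file digest is already in the database."""
    return event[3] in KNOWN_BAD

def behavior_hit(event, by_pid) -> bool:
    """EDR model: flag a script host with an Office application in its ancestry."""
    _, ppid, image, _ = event
    if image.lower() not in SCRIPT_HOSTS:
        return False
    seen = set()
    while ppid in by_pid and ppid not in seen:  # 'seen' guards against PID loops
        seen.add(ppid)
        _, next_ppid, parent_image, _ = by_pid[ppid]
        if parent_image.lower() in OFFICE:
            return True
        ppid = next_ppid
    return False

def triage(events):
    """Return {pid: (signature_hit, behavior_hit)} for every event."""
    by_pid = {e[0]: e for e in events}
    return {e[0]: (signature_hit(e), behavior_hit(e, by_pid)) for e in events}

if __name__ == "__main__":
    for pid, (sig, beh) in triage(EVENTS).items():
        print(pid, "signature" if sig else "-", "behavior" if beh else "-")
```

The PowerShell binary itself is legitimate, so its digest never matches the signature set; only the ancestry rule separates the Word-spawned instances from the console a user opened directly.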

 

While there is some overlap between EDR and traditional AV solutions, EDR is certainly a more comprehensive solution.

 

Sky Express, a regional leader in digital data protection and the recipient of recognition as the best cybersecurity partner of VMware, introduces VMware Carbon Black EDR - the next-generation antivirus solution.

 

VMware Carbon Black EDR (Endpoint Detection and Response) is a set of cloud-based security solutions focused on protecting endpoints. The endpoint is what you use to access the digital world, whether it's a device for connecting to the network, accessing social media, or other content in your favorite cloud. For most of us, our smartphone is our favorite endpoint. It could also be your desktop or laptop computer.

 

Environments in which companies operate have become incredibly complex ecosystems, making endpoint security a significant challenge. Traditional solutions work efficiently in specific circumstances, but today there are simply too many attacks, too often, on too many fronts. The shift in the traditional way of working within companies, where employees now often work from locations not protected by company devices, rules, and procedures, has contributed to the focus on securing endpoints. All endpoints are connected to networks, and securing endpoints aims to protect the network from unauthorized access through these endpoints. When you control physical access to a device – and control what happens on the device – you are in an excellent position to protect it. But today, devices connect to networks from almost anywhere data or Wi-Fi access is available. They usually don't connect within the protective firewall and, as with your smartphone, can have all kinds of applications on them. This opens up a myriad of potential ways for bad actors to try to "sneak" into the network. This means that securing endpoints is crucial for overall cybersecurity.

 

The ability of a company to detect, analyze, and respond to threats occurring on endpoints is a critical initiative for IT teams. Traditionally, such tasks burdened security teams, primarily because many of them involved strenuous manual work. Each security challenge companies face (endpoint protection, web application protection, protection against unauthorized access, and many others) requires financial investment (acquiring solutions, training staff, etc.) and time. In many companies, this way of working has led IT and security teams to function separately, and it has made it almost impossible to ascertain whether all the controls you've established are functional and monitored by responsible personnel, and whether you can quickly and easily correlate all events when a security incident occurs.

 

Understanding that a different approach is needed, VMware decided to acquire Carbon Black in 2019. Now, with the help of just one agent that doesn't affect system performance, teams can detect and prevent never-before-seen attacks in near real time.

 

VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats and enables companies of all sizes to simplify their daily operations. Analyzing billions of security events worldwide daily, VMware Carbon Black has key insights into attacker behavior, allowing users to detect, react, and stop new attacks.

 

VMware Carbon Black unites multiple capabilities for protecting endpoint devices using a single agent and a centralized console, allowing you to work faster and more efficiently.

 

Most of today's cyberattacks involve advanced tactics and methods that target legitimate tools (primarily legitimate operating system processes) to cause harm. These sophisticated attack methods pose a significant risk to targets with decentralized systems protecting high-value assets, including money, intellectual property, and state secrets.

 

VMware Carbon Black Cloud prevents attacks by facilitating:

 

Analysis of billions of system events to understand what is normal in your environment.

Preventing attackers from abusing legitimate tools.

Automating incident investigation processes to effectively respond to incidents.

To improve a company's security, visibility needs to be improved because you can't defend against something that isn't visible in the cyber space. By unifying functionality into one console, IT and security teams have a common platform for collaboration, which is a shared data source that increases visibility, improves security, and ensures better collaboration.

 

VMware Carbon Black Cloud provides the ability to "harden" endpoints, reducing the potential attack surface, and to prevent threats, speeding up incident response and defense against various threats, using the following features:

 

Endpoint Standard – Next-Generation Antivirus:

 

Analyze attacker behavior patterns over time to detect and stop never-before-seen attacks, whether it's malicious software, fileless, or living-off-the-land attacks.

Audit and Remediation – Real-time Device Assessment and Sanitation:

 

Easily review the current system state to monitor and enhance the security of all your protected devices.

Enterprise EDR – Proactive Action and Stop:

 

Proactively search for abnormal activities using threat intelligence data.

Is the transition from traditional antivirus solutions to EDR solutions worthwhile? According to a Forrester report - The Total Economic Impact™ Of VMware Carbon Black Cloud, companies achieved a 379% savings over three years by purchasing VMware Carbon Black solutions. How is this possible? These savings are driven by several factors:

 

Time savings through faster investigation and incident stopping – an average of 7.5 hours saved per incident.

Avoided costs in the event of attacks and data theft.

Cost savings due to streamlined operations and better collaboration between IT and security teams.

Savings on audits and compliance.

Cost savings due to fewer OS reinstalls – an average of 75% fewer reinstalls.

With so many networks, cloud services, servers, workloads, and endpoints to protect, the need for cybersecurity professionals is significant. The problem is that there aren't enough of them, and this shortage has existed for some time. Many companies today face a lack of personnel, insufficient training, or the inability to hire such personnel.

 

What is the solution?

 

Partially outsourcing endpoint protection work through Managed Security Services (MSS). The highly qualified and trained engineering team at Sky Express can help you with endpoint protection, giving your IT team the time to focus on daily duties and tasks.

 

 

 

 

 

