VMware launches Carbon Black Cloud MDR to bolster SOC efficiency

VMware has launched VMware Carbon Black Cloud Managed Detection and Response (MDR), designed to help enterprises with understaffed SOCs (Security Operation Center) fill the gaps arising from rapidly evolving threat landscapes.

With a mission statement from VMware that promises to go beyond monitoring threats and validating alerts in order to gain visibility and understanding into various threat environments, the newly launched MDR offers round-the-clock monitoring, alert triage, and threat analyst guidance on policy changes as well as assistance with threat containment in the event of an incident.

“Our MDR offering is built for CISOs, CTOs and SOC (Security Operations Center) managers looking to increase visibility within their environments, reduce security staffing pressures, and speed up incident response,” says Kal De, vice president and general manager of security business unit at VMware. “As our customers take steps to empower their SOC teams amid the increase in cyberattacks, our MDR offering provides critical insight and analyst guidance to SMBs, large enterprises, existing partners, and our government customers.”

MDR aims for endpoint, workload protection

VMware Carbon Black Cloud MDR is designed to provide insight into attacks on endpoints and workloads, as well as recommendations for policy changes that customers can take to remediate threats.

“The risk and the cost of a breach is absolutely too huge, especially for a midsized to enterprise size business,” says Constellation Research analyst Liz Miller. “With VMWare’s expansive network of endpoints that can accelerate the rate of detection, this could be that early warning and awareness system teams are looking for. This is especially interesting for CISOs who are considering and weighing if an MDR or an XDR solution is right for them right now.”

Analyst services enhance threat analysis

VMware analysts monitor MDR customer environments, using proprietary machine learning algorithms to offer threat analysis, guidance on policy changes, and help with threat remediation in the event of an incident.

As VMWare will need to have access into a client’s network to effectively implement the solution, there is a concern for it to become an attack vector. “Any solution you bring into/onto/remotely close to your network and infinite perimeter could become a vulnerability or threat,” added Miller. “This is why one solution is never going to be the silver bullet. This is about layering smart approaches and not assuming that VMware will take care of it all.”

Features offered by VMWare Carbon Black Cloud MDR include threat validation, email alerts, root cause analysis, threat advisories, monthly reports, incident response communications with analysts, and threat containment.

“Because of [VMware’s] global expertise and knowledge, these services can just see more and see faster than the average in-house team that could be juggling thousands of alerts and issues. This brings focus where it is needed most: giving the in-house security talent the space and the time to address critical alerts and investigations,” added Miller.