
What is VMware Carbon Black Cloud XDR

Summary: VMware Carbon Black Cloud XDR is an add-on feature to the VMware Carbon Black Cloud software as a service (SaaS) solution.


Instructions

VMware Carbon Black Cloud XDR is a consolidation of endpoint and workload security capabilities that provide critical visibility into the network and cloud - reducing blind spots, detecting threats faster, and automating remediation using authoritative context across these domains.


Affected Products:

  • VMware Carbon Black Cloud Enterprise

Affected Versions:

  • Windows Sensor 3.9 or higher

Affected Operating Systems:

  • Windows

Note: For more information about VMware Carbon Black Cloud versions, reference What are the Differences Between VMware Carbon Black Cloud Versions.

VMware Carbon Black Cloud XDR uses its access to raw data collected across the environment to detect bad actors that are using legitimate software to gain access to the system. This correlation is something that security information and event management (SIEM) software is often unable to do. The automated analysis and correlation of activity data allows security teams to contain threats more effectively, as it can extend to include network detections, lateral movement, anomalous connections, beacons, exfiltration, and delivery of malicious artifacts.

Like EDR, XDR responds to the threat to contain and remove it. The difference is that, with the holistic visibility and context that is part of XDR, it can respond more effectively to the impacted asset, due to its superior data collection and integration with the environment. This pointed detection and response helps to contain not only the threat itself, but also the impact - reducing downtime on critical infrastructure.

There are three parts to XDR: telemetry and data analysis, detection, and response.

  • Telemetry and data analysis: XDR monitors and collects data across multiple security layers, including endpoints, network, server, and cloud. It uses data analysis to correlate context from thousands of alerts from those layers to surface a smaller number of high-priority alerts. This helps to avoid overwhelming security teams.
  • Detection: XDR’s superior visibility allows it to sift through alerts and report on the ones that require a response. That same visibility allows it to create baselines of normal behavior within an environment to enable the detection of threats that leverage software, ports, and protocols, and to investigate the origin of the threat in order to stop it from affecting other parts of the system.
  • Response: Like EDR, XDR can contain and remove threats it detects. It can also update security policies to prevent a similar breach from occurring again. But unlike EDR, which performs this function only on endpoints and workloads, XDR goes beyond endpoint protection - responding to threats across all the security control points it touches, from container security to networks and servers.

What is the difference between XDR and EDR?

XDR extends the capabilities of EDR across all the security layers in the environment. Rather than the single point of view that EDR provides, XDR enables telemetry and behavioral analysis across multiple security layers. This allows security teams to see a better picture of their entire environment.

As bad actors increase the complexity of their attacks, they are not limited to a single security layer. Security teams must also evolve and not limit their view to one layer, either. EDR is a focused view that gives security professionals visibility into endpoints that might be compromised, but this may not be enough. This is where XDR comes in to provide that holistic view of activity across the environment that avoids visibility gaps. XDR allows security teams to understand where a threat comes from and how it is spreading across the environment to eliminate it and allow security teams to stop threats in the future.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000214387
Article Type: How To
Last Modified: 31 May 2023
Version:  1