
What is VMware Carbon Black Cloud XDR

Summary: VMware Carbon Black Cloud XDR is an add-on feature to the VMware Carbon Black Cloud software as a service (SaaS) solution.


Instructions

VMware Carbon Black Cloud XDR is a consolidation of endpoint and workload security capabilities that provide critical visibility into the network and cloud - reducing blind spots, detecting threats faster, and automating remediation using authoritative context across these domains.


Affected Products:

  • VMware Carbon Black Cloud Enterprise

Affected Versions:

  • Windows Sensor 3.9 or higher

Affected Operating Systems:

  • Windows

Note: For more information about VMware Carbon Black Cloud versions, reference What are the Differences Between VMware Carbon Black Cloud Versions.

VMware Carbon Black Cloud XDR uses its access to raw data collected across the environment to detect bad actors that are using legitimate software to gain access to the system. This correlation is something that security information and event management (SIEM) software is often unable to do. The automated analysis and correlation of activity data allows security teams to contain threats more effectively, as it can extend to include network detections, lateral movement, anomalous connections, beacons, exfiltration, and delivery of malicious artifacts.

Like EDR, XDR responds to the threat to contain and remove it. The difference is that, with the holistic visibility and context that is part of XDR, it can respond more effectively to the impacted asset, due to its superior data collection and integration with the environment. This pointed detection and response helps to contain not only the threat itself, but also the impact - reducing downtime on critical infrastructure.

There are three parts to XDR: telemetry and data analysis, detection, and response.

  • Telemetry and data analysis: XDR monitors and collects data across multiple security layers, including endpoints, network, server, and cloud. It uses data analysis to correlate context from thousands of alerts from those layers to surface a smaller number of high-priority alerts. This helps to avoid overwhelming security teams.
  • Detection: XDR’s superior visibility allows it to sift through alerts and report on the ones that require a response. That same visibility allows it to create baselines of normal behavior within an environment to enable the detection of threats that leverage software, ports, and protocols, and to investigate the origin of the threat in order to stop it from affecting other parts of the system.
  • Response: Like EDR, XDR can contain and remove threats it detects. It can also update security policies to prevent a similar breach from occurring again. But unlike EDR, which performs this function only on endpoints and workloads, XDR goes beyond endpoint protection - responding to threats across all the security control points it touches, from container security to networks and servers.

What is the difference between XDR and EDR?

XDR extends the capabilities of EDR across all the security layers in the environment. Rather than the single point of view that EDR provides, XDR enables telemetry and behavioral analysis across multiple security layers. This allows security teams to see a better picture of their entire environment.

As bad actors increase the complexity of their attacks, they are not limited to a single security layer. Security teams must also evolve and not limit their view to one layer, either. EDR is a focused view that gives security professionals visibility into endpoints that might be compromised, but this may not be enough. This is where XDR comes in to provide that holistic view of activity across the environment that avoids visibility gaps. XDR allows security teams to understand where a threat comes from and how it is spreading across the environment to eliminate it and allow security teams to stop threats in the future.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000214387
Article Type: How To
Last Modified: 31 May 2023
Version:  1