VMware Carbon Black Cloud Audit and Remediation

Real-Time Device Assessment & Remediation Even the most effective security teams are often forced to play catch up during emergency situations due to limited time and resources to perform regular, proactive analysis and evaluate potential risks. Any delays during the investigation prolongs downtime and leaves the organization open to increased risk. Once the scope of an attack is understood, dispersed processes and tool sets can cause bottlenecks that delay the remediation of problematic endpoints. VMware Carbon Black Audit and Remediation is a real-time assessment and remediation solution that gives teams faster, easier access to audit and change the system state of endpoints across their organization. By providing administrators with real-time query capabilities from a cloud-native endpoint protection platform, Audit and Remediation enables teams to make quick, confident decisions to harden systems and improve security posture. Audit and Remediation closes the gap between security and operations, allowing administrators to perform full investigations and take action to remotely remediate endpoints all from a single solution.

KEY CAPABILITIES Single Agent, Cloud Platform Audit and Remediation is built on the PSC, a cloud-native endpoint protection platform that offers converged prevention, detection, and response with additional services that can be activated as you need them, using the same converged agent, without any additional deployment or infrastructure. On-Demand Queries Audit and Remediation gives your Security & IT Operations team visibility into even the most precise about the current system state of all endpoints, enabling you to make quick, confident decisions to reduce risk. Immediate Remote Remediation Audit and Remediation closes the gap between security and operations, giving administrators a remote shell directly into endpoints to perform full investigations and remote remediations all from a single cloud-based platform. Simplified Operational Reporting Audit and Remediation allows you to schedule daily, weekly, or monthly queries to automate operational reporting on patch levels, user privileges, disk encryption status and more to track & maintain the desired state of your ever-changing environment.

BENEFITS

• žExecute abroad range of operational activities quickly and confidently

• žEstablish proactive IT hygiene to prevent attacks
• žBuild consistency into operational reporting and auditing processes

• Remove barriers between security analysis and IT operations
• žExtend existing investigation and remediation capabilities
• žReplace adhoc scripts and manual tasks with a structured security platform
• žAutomate operational reporting with scheduled queries

AUDIT AND REMEDIATION

• žLeverages the same agenta nd console as NGAV, EDR and threat hunting platform
• žCloud-based storage of all query results
• žEasy access to unified data across Security and IT teams

FEATURES

• žPre-Built Recommended Queries
• žSQL query (open text field)
• žQuery Scheduler
• žCopy & Re-run Queries
• Save and favorite queries
• žEmail notifications
• žFilter and group results
• žData export
• žSecure shell for remote remediation
• žTwo-way API

PLATFORMS

• žWindows 7 and above
• žWindows Server 2008 R2 and above
• žMacOS 10.10 and above
• žRedHat 6 and above
• žCentOS 6 and above
• žUbuntu 16.04 and above
• žSUSE 12 and above
• žOpenS USE 15 & 42
• žAmazon Linux 2