Carbon Black EDR is an on-premises threat hunting and incident response solution designed for Security Operations Center (SOC) teams with offline or on-premises requirements. It continuously records and stores endpoint activity data, enabling security professionals to hunt threats in real time and visualize the complete attack kill chain using aggregated threat intelligence. Key features include continuous visibility, scalable threat hunting with custom and cloud-delivered threat intel, automated watchlists, rapid response capabilities for real-time remediation, attack chain visualization, live response for remote remediation, and an open API with numerous integrations. Carbon Black EDR empowers organizations to detect and respond to advanced attacks at scale, reduce investigation time, and improve their overall security posture.

Features:

• Continuous visibility: Collects comprehensive endpoint event data for rapid investigations.
• Scalable hunting: Combines custom and cloud-delivered threat intelligence and automated watchlists.
• Rapid response: Enables real-time threat containment and remediation.
• Centralized recording: Provides centralized access to continuously recorded endpoint data.
• Live response for remote remediation: Allows secure connection to infected hosts for remote actions.
• Attack chain visualization and search: Offers intuitive visualization for identifying root causes and attacker behavior.
• Out-of-the-box and customizable behavioral detection: Detects threats based on observed behavior.
• Multiple, customizable threat intel feeds: Integrates various threat intelligence sources.
• Automated watchlists capture queries: Automates threat hunting based on defined criteria.
• Process and binary search of centralized data: Enables in-depth analysis of collected data.
• Open API and 120+ out-of-the-box integrations: Facilitates integration with other security tools.
• On-prem, virtual private cloud, SaaS, or MSSP deployment options: Offers flexible deployment options.