eSentire and VMware Carbon Black: Delivering World-Class Managed Endpoint Security

With many organizations forced to rapidly implement work-from-home operating models—and with widespread uncertainty about how long such models will persist—endpoint security has never been more important. It’s against this backdrop that eSentire and VMware Carbon Black continue to build the success of our nearly five-year strategic partnership.

Why does this close relationship matter? The short answer is that the powerful combination of VMware Carbon Black’s products and eSentire’s Managed Detection and Response (MDR) delivers world-class managed endpoint security to our customers—especially now with the cloud-delivered availability of VMware Carbon Black Cloud Enterprise EDR for threat hunting and incident response.

For the longer, more detailed explanation, read on.

The Perimeter is No More: Bring Your Office Home

When the recent health pandemic struck, it accelerated two trends which had already been underway for quite some time.

First, with more powerful mobile devices and more reliable Internet connections, “work-from-anywhere” models have grown in popularity, with work-from-home a sub-category of this broader shift. One important outcome is that traditional security perimeters are all but disappearing—or, at the very least, evolving. In the not too distant past, most of an organization’s devices and systems—including its many endpoints—were located on a trusted network behind a perimeter consisting of firewalls, IDS/IPS and other security solutions. Those days are over.

Second, widespread adoption of cloud-based services was well underway before the pandemic. But the associated benefits of increased flexibility and reduced management overhead become even more valuable as employees around the world work from home. However, with that shift, your organization’s important applications and services are no longer housed in your secure datacenter, behind layers of security that you built and control.

Each of these trends has serious consequences for an organization’s cybersecurity posture and strategy; combined, they’re disruptive. Plus, threat actors have adjusted tactics to target unsuspecting home office workers in an attempt to gain access to corporate networks and valuable data. There’s no question that, for the foreseeable future, protecting distributed home offices should be a company’s number one priority.

And that’s a major reason why endpoint security is so important, now more than ever.

But “security” can be an ambiguous term, so we should be more specific. For an endpoint security strategy to be successful, it requires as a minimum two functional components:

• Prevention, through next-generation antivirus (NGAV)
• Detection and response, to identify and contain threats which bypass defenses

The most effective way to deliver these functions is to run an agent directly on each endpoint, because doing so provides unmatched visibility into and—vitally—control over the device’s activity. This approach fills in gaps and re-strengthens the security posture by equipping security personnel with the tools needed to quickly investigate threats and take decisive, difference-making action to isolate devices and stop malicious processes.

Importantly, no one knows with any certainty when social distancing measures will be relaxed; moreover, many organizations are exploring (or have already announced) a permanent shift to a work-from-home-oriented operating model. So not only is it truly endpoint’s time to shine, but the investment has tremendous long-term value.

Signals and Noise: Security as a Big Data Problem

The telemetry that comes from agents running on countless endpoints—not to mention the range of other sources leveraged in MDR, including logs, cloud services and network traffic—can easily overwhelm private security operations centers (SOCs) and security teams. Even just a mid-sized organization can generate 10,000 events per day. How do you sift through those events, filtering out the noise to spot real threats, while avoiding false positives and false negatives—all without burning out your analysts?

And that’s where eSentire’s expertise comes into play. eSentire invented the MDR category and has spent almost two decades investing in proprietary data processing systems and management workflows which empower security analysts to keep pace with the enormous volume of events coming into our SOCs.

Plus, in the nearly five years during which our two companies have worked together, we have developed a tight technical integration and operational coordination, yielding tremendous benefits for our customers:

• eSentire’s personnel make maximum use of VMware Carbon Black’s technical capabilities: VMware Carbon Black’s endpoint defenses provide unparalleled visibility into, and control over, what’s happening on a device, and eSentire’s SOC analysts and threat hunters leverage that visibility to protect our customers by rapidly detecting and containing threats
• We collaborate on research and reports, which helps push the bleeding edge of our technology and services further and faster and keeps our customers and the broader cybersecurity community informed about emerging threats
• Through years of experience working together, our companies have developed an effective, efficient and consultative engagement model: we align with our customers’ buying processes and then deploy and configure our joint solution quickly, delivering faster time to value

One of the major enablers of our operational effectiveness—and a reason why our joint customers get maximum protection—is that our organizations pioneered cloud-native solutions.

Extensibility, Scale and Protection: Why Cloud-Native Endpoint Security Matters

On first glance, “endpoint” and “cloud” might seem like an unlikely or unimportant combination, so let’s briefly take a closer look to see why being cloud-native is so crucial to both eSentire and VMware Carbon Black.

First, using an Infrastructure as a Service (IaaS) cloud offering can be an economically attractive alternative to building and operating your own data center. However, it’s vital to recognize that just because you run your servers on cloud infrastructure doesn’t mean you don’t need to have defenses in place.

When you operate physical servers, you protect them as you would any other endpoint through an agent providing prevention and control capabilities. You should do the same with the servers running in the cloud, which calls for a cloud-native endpoint security solution.

Second, the cloud provides capabilities that deliver important functional and operational advantages for VMware Carbon Black and eSentire, from which our joint clients benefit.

For example, the cloud provides a scalable location to house (storage) and process (compute) all the telemetry that is the foundation of threat detection; effectively and efficiently processing events allows eSentire’s SOC analysts to quickly investigate issues, reducing the mean time to resolution.

Moreover, relying on the cloud to manage deployments and distribute updates greatly simplifies the upgrade process, meaning more customers gain easier access to more capabilities—whether updates to existing products or upgrades to introduce entirely new functionality. In the reactive and dynamic world of cybersecurity, extensibility and flexibility helps to maximize a security posture,

And just to expand slightly on that final point: because VMware Carbon Black’s EDR products are managed in and delivered from the cloud, it’s straightforward for eSentire’s SOC analysts, threat hunters and sales engineers to configure and utilize the solutions—letting eSentire’s team deliver world-class MDR that maximizes protection.

A Winning Relationship with a Bright Future

These sudden changes in where an organization’s workforce resides has caused businesses of all sizes to grapple with a porous, nebulous “perimeter” and to scramble to stay ahead of emerging threats which attempt to compromise endpoints.

VMware Carbon Black’s single lightweight agent provides the NGAV and endpoint detection and response (EDR) features needed to conduct threat hunting in a secure environment.

esENDPOINT leverages this functionality, putting it in the hands of skilled SOC analysts and threat hunters within a pioneering MDR offering, creating a synergistic 1 + 1 = 3 scenario that leads to better protection.

As threat hunters and analysts identify new tactics, techniques and procedures (TTPs), informing the creation of new EDR capabilities, the partnership between our two companies will deepen and our joint customer base will continue to enjoy unparalleled protection against modern threats.

About eSentire

eSentire, Inc., the global leader in Managed Detection and Response (MDR), keeps organizations safe from constantly evolving cyberattacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $6 trillion AUM, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.

About VMware

VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact. For more information, please visit www.vmware.com/company.

VMware and Carbon Black are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and other jurisdictions.