As more and more endpoints such as Windows, Mac and Linux laptops, workstations and servers are added to your network, they substantially increase the attack surface for threat actors. The prevalence of undetected and standing 24X7 admin user access presents a large attack surface for the “bad guys” to wreak havoc using compromised accounts to move laterally through your environment, stealing sensitive information from your endpoints.
In fact, 74% of breached organizations admitted the breach involved access to a privileged account*. There is a need for an automated way to remove that standing access across platforms and to provision the appropriate access directly to user accounts just for the time needed.
Endpoint Detection and Response (EDR) solutions record and store endpoint system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to protect and restore affected systems. As EDR continues to increase its effectiveness in detecting malware and unusual activity, threat actors have pivoted to using compromised privileged accounts.
Their activity using these accounts is hard to distinguish from normal activity. Protecting a company today requires a comprehensive approach that coordinates detection and investigation of endpoint activity with the rapid reduction of unwanted 24X7 privileged access sprawl that threat actors use to move through environments undetected.
The VMware Carbon Black Cloud is a cloud native platform delivering best-in-class, next-generation antivirus, EDR managed detection, and audit and remediation without compromising system performance. This is achieved by consolidating multiple endpoint and workload security capabilities using one agent and console, helping you operate faster and more effectively. As part of VMware’s intrinsic security approach, Carbon Black Cloud spans the system hardening and threat prevention workflow to accelerate responses and defend against a variety of threats.
The joint solution combines the power of SecureONE’s privileged access security with Carbon Black Cloud, enabling organizations to implement Zero Trust security — without adding an additional PAM agent. Carbon Black’s best-in-class protection is complemented by SecureONE’s identity-centric response to attacks that are hard to detect. Remediant’s unique approach exposes and removes 24x7 “Just-In-Case” admin rights from endpoints, replacing them with easy-to-use Just-In-Time (JIT) access and “Zero Standing Privilege” (ZSP). VMware Carbon Black plus Remediant SecureONE enables organizations to:
The integration of SecureONE with Carbon Black simplifies life for the increasing remote workforce.
JITA session from Remediant SecureONE (on company network)
JITA session from Remediant SecureONE (outside of company network) to Windows only
VMware Carbon Black agent records activity and sends to VMware Carbon Black console
SecureONE links to VMware Carbon Black console so activity during (before and after) the session can be investigated
Traditional PAM strategies have left companies ill-prepared for the identity-based attacks on endpoints. The Remediant and VMware Carbon Black integration allows organizations of all sizes to protect their endpoints by discovering and restricting 24X7 privileged account sprawl and enabling Zero Trust security.
The use cases are:
“As the threat landscape evolves, security and IT teams must be empowered to detect and stop emerging attacks,” said Chris Goodman, director of technical alliances, Security business unit, VMware. “Leveraging the VMware Carbon Black Cloud, Remediant can help customers bolster their defenses by deploying Zero Trust privileged access management that helps better detect and prevent lateral movement in compromised accounts.”