As more and more endpoints such as Windows, Mac and Linux laptops, workstations and servers are added to your network, they substantially increase the attack surface for threat actors. The prevalence of undetected and standing 24X7 admin user access presents a large attack surface for the “bad guys” to wreak havoc using compromised accounts to move laterally through your environment, stealing sensitive information from your endpoints. In fact, 74% of breached organizations admitted the breach involved access to a privileged account. There is a need for an automated way to remove that standing access across platforms and to provision the appropriate access directly to user accounts just for the time needed.
Endpoint Detection and Response (EDR) solutions record and store endpoint system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to protect and restore affected systems. As EDR continues to increase its effectiveness in detecting malware and unusual activity, threat actors have pivoted to using compromised privileged accounts.
Their activity using these accounts is hard to distinguish from normal activity. Protecting a company today requires a comprehensive approach that coordinates detection and investigation of endpoint activity with the rapid reduction of unwanted 24X7 privileged access sprawl that threat actors use to move through environments undetected.
The VMware Carbon Black Cloud is a cloud native platform delivering best-in-class, next-generation antivirus, EDR managed detection, and audit and remediation without compromising system performance. This is achieved by consolidating multiple endpoint and workload security capabilities using one agent and console, helping you operate faster and more effectively. As part of VMware’s intrinsic security approach, Carbon Black Cloud spans the system hardening and threat prevention workflow to accelerate responses and defend against a variety of threats.
The joint solution combines the power of SecureONE’s privileged access security with Carbon Black Cloud, enabling organizations to implement Zero Trust security — without adding an additional PAM agent. Carbon Black’s best-in-class protection is complemented by SecureONE’s identity-centric response to attacks that are hard to detect. Remediant’s unique approach exposes and removes 24x7 “Just-In-Case” admin rights from endpoints, replacing them with easy-to-use Just-In-Time (JIT) access and “Zero Standing Privilege” (ZSP). VMware Carbon Black plus Remediant SecureONE enables organizations to:
The integration of SecureONE with Carbon Black simplifies life for the increasing remote workforce.
Integration flow (diagram labels):
JITA session from Remediant SecureONE (on company network)
JITA session from Remediant SecureONE (outside of company network), Windows only
VMware Carbon Black agent records activity and sends it to the VMware Carbon Black console
SecureONE links to the VMware Carbon Black console so activity during the session (and before and after it) can be investigated
This video demonstrates Remediant's Intelligent Session Capture capability through its integration with VMware Carbon Black Cloud. With this integration, you can pivot from the SecureONE console through an embedded “Investigate” link to the EDR console to proactively explore any suspicious threat activity during the JIT privileged session at the endpoints and mitigate it through a combination of Remediant and the EDR solution.
This video demonstrates Remediant's SecureONE integration with VMware Carbon Black Cloud to manage remote systems outside the customer's network.
The video also demonstrates the ability to grant and revoke JIT access to the remote system.
Traditional PAM strategies have left companies ill-prepared for identity-based attacks on endpoints. The Remediant and VMware Carbon Black integration allows organizations of all sizes to protect their endpoints by discovering and restricting 24X7 privileged account sprawl and enabling Zero Trust security.
The use cases are:
Obtain contextual data into privileged account activity while eliminating the need for additional infrastructure for recording and PAM agents
Correlate privileged account activity by accessing the recordings of all endpoint activity from VMware Carbon Black Cloud to expedite incident response and remediation in real
Prevent lateral movement attacks by removing excess standing privilege and replacing it with JIT access
EDR data recordings are easy to access, search and analyze for auditing, forensics and compliance purposes
Director of Technical Alliances
Security Business Unit, VMware