Get a Demo
Contact Us
Get a Demo
Contact Us
Get a Demo
medium K

VMware Carbon Black + Remediant

SecureONE Integrations

Stop Lateral Movement and Ransomware Early

As more and more endpoints such as Windows, Mac and Linux laptops, workstations and servers are added to your network, they substantially increase the attack surface for threat actors. The prevalence of undetected and standing 24X7 admin user access presents a large attack surface for the “bad guys” to wreak havoc using compromised accounts to move laterally through your environment, stealing sensitive information from your endpoints. In fact, 74% of breached organizations admitted the breach involved access to a privileged account. There is a need for an automated way to remove that standing access across platforms and to provision the appropriate access directly to user accounts just for the time needed.


The Problem

Endpoint Detection and Response (EDR) solutions record and store endpoint system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to protect and restore affected systems. As EDR continues to increase its effectiveness in detecting malware and unusual activity, threat actors have pivoted to using compromised privileged accounts.

Their activity using these accounts is hard to distinguish from normal activity. Protecting a company today requires a comprehensive approach that that coordinates detection and investigation of endpoint activity with the rapid reduction of unwanted 24X7 privileged access sprawl that threat actors use to move through environments undetected.

The Solution

The VMware Carbon Black Cloud is a cloud native platform delivering best-in-class, next-generation antivirus, EDR managed detection, and audit and remediation without compromising system performance. This is achieved by consolidating multiple endpoint and workload security capabilities using one agent and console, helping you operate faster and more effectively. As part of VMware’s intrinsic security approach, Carbon Black Cloud spans the system hardening and threat prevention workflow to accelerate responses and defend against a variety of threats.

The joint solution combines the power of SecureONE’s privileged access security with Carbon Black Cloud, enabling organizations to implement Zero Trust security — without adding an additional PAM agent. Carbon Black’s best-in-class protection is complemented by SecureONE’s identity centric response to attacks which are hard to detect. Remediant’s unique approach exposes and removes 24x7 “Just-In-Case” admin rights from endpoints replacing it with easy-to-use Just-In-Time (JIT) access and “Zero Standing Privilege” (ZSP). VMware Carbon Black plus Remediant SecureONE enables organizations to:

  1. Track and record all endpoint activity (processes, network connections, user activity, etc.) including intervals when privileged access and JIT access are in use
    1. This feature is particularly useful for audit, forensics and compliance requirements
  2. Pinpoint and eliminate unnecessary privileged users, groups and systems attackers rely on to compromise entire organizations
  3. Block attackers from moving to additional systems by eliminating standing 24x7 admin access
  4. Simple Just-In-Time access for privileged users that eliminates the motivation to circumvent controls

With Remediant SecureONE, customers using VMware Carbon Black Cloud’s Live Response capability may now extend their reach to:

  • Maintain ZSP and JIT access for Windows endpoints that are outside the corporate network and VPN.
  • Investigate session activity for endpoints located both within and outside their corporate network.

The integration of SecureONE with Carbon Black simplifies life for the increasing remote workforce.

Remediant SecureONE & VMware Carbon Black Cloud Integration Architecture 

Manage Remote Systems and Intelligence Session Capture (ISC)


JITA session from Remediant SecureONE
(on company network)


JITA session from Remediant SecureONE
(outside of company network) to Windows only


VMware Carbon Black agent records activity and sends to VMware Carbon Black console


SecureONE links to VMware Carbon Black console so activity during (before and after) the session can be investigated

Intelligent Session Capture

This video demonstrates Remediant's Intelligent Session Capture capability through its integration with VMware Carbon Black Cloud.  With this integration, you can pivot from the SecureONE console through an embedded “Investigate” link to the EDR console to proactively explore for any suspicious threat activity during the JIT privileged session at the endpoints and mitigate it through a combination of Remediant and the EDR solution.

Carbon Black Cloud Integration

This video demonstrates Remediant's SecureOne s integration with VMware Carbon Black manage remote systems outside the customer's network.

This integration also demonstrates the ability to grant and revoke JIT access to the remote system.

Use Cases of the Joint Solution

Traditional PAM strategies have left companies ill-prepared for the identity-based attacks on endpoints. The Remediant and VMware Carbon Black integration allows organizations of all sizes to protect their endpoints by discovering and restricting 24X7 privileged account sprawl and enabling Zero Trust security.

The use cases are:


Helps Incidence Response teams quickly determine root cause and stop lateral movement attacks at endpoints.

For example:

  • A user signed into a Windows endpoint browses a website and accidentally downloads malware
  • The IR team detects this event using VMware Carbon Black Cloud
  • To investigate, the IR team leverages Remediant’s Intelligent Session Capture (ISC) to identify that during a privileged session (JIT) the malware activates on the Windows endpoint to send sensitive information to a C&C site (provides context during the privileged session)
  • ISC helps the IR team pivot to the EDR console from Remediant to view all other systems the user has admin rights to during this JIT session and also easily search and find all other systems the malware has moved laterally to
  • At this stage, the IR team may either isolate or quarantine the malware infected endpoints using VMware Carbon Black Cloud
  • The IR team can realize the principle of least privilege by implementing JIT and enabling ZSP on all the malware infected endpoints to eliminate lateral movement


Helpdesk staff can enable their privileged access to support the systems outside the network


Security Operations can determine privileged access and enforce the desired JIT privileged access on a system


Remote users such as software developers (DevOps) can install software and make system config changes using privileged access

User Benefits of the Joint Solution


Obtain contextual data into privileged account activity while eliminating the need for additional infrastructure for recording and PAM agents


Correlate privileged account activity by accessing the recordings of all end point activity from VMware Carbon Black Cloud to expedite incident response and remediation in real


Prevent lateral movement attacks by removing excess standing privilege and replacing with JIT access


EDR data recordings are easy to access, search and analyze for auditing, forensics and compliance purposes

See the Industry's Leading EDR and PAM Integration with Remediant and VMware Carbon Black

Join us to learn more on Remediant and VMware Carbon Black's partnership and how you can reduce your attack surface and prevent lateral movement attacks. We'll discuss:

• Market trends and the need for integrated EDR and PAM solutions
• VMware Carbon Black and Remediant: the better together story
• Demos: Intelligent Session Capture and management of remote systems
• Use cases and benefits

"As the threat landscape evolves, security and IT teams must be empowered to detect and stop emerging attacks,” said Chris Goodman, director of technical alliances, Security business unit, VMware. “Leveraging the VMware Carbon Black Cloud, Remediant can help customers bolster their defenses by deploying Zero Trust privileged access management that helps better detect and prevent lateral movement in compromised accounts.

Chris Goodman
Director of Technical Alliances
Security Business Unit, VMware

Get a demonstration of Remediant SecureONE today!

Remediant reinvents privileged access management with SecureONE, the first solution that brings Zero Standing Privilege (ZSP) to the enterprise to prevent lateral movement and shrink the attack surface caused by the invisible sprawl of administrative accounts.