Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Real-time Network Visibility and Endpoint Detection & Response
The integration of Carbon Black Endpoint Detection and Response capabilities to Lumeta enables you to know whether hosts on your enterprise network are either unmanaged by Carbon Black or unknown to Lumeta. The integration enables a "deep-link" context switch from Lumeta to the Carbon Black UI, where the user can contain, isolate. and remediate "undefended" endpoints that are vulnerable to cyber attacks. The Carbon Black EDR solution continuously records, centralizes and retains activity from every endpoint to identify attacks and keep a history of an attacker's every action. Lumeta's index of all network devices ensures that Carbon Black is aware of all endpoints requiring deployment of the EDR software, so you can ensure 100% coverage to all hosts.

How Does It Work?

Lumeta accesses the API of Carbon Black (at a polling interval set by the user) and retrieves the inventory of hosts, servers, and other enpoint systems ("Carbon Black managed endpoints").

Lumeta correlates this inventory against Lumeta's authoritative index of IP address space- comparing to advise Carbon Black of any devices where it doesn't see a Carbon Black endpoint indicated on the device, as those would be "undefended/unmanaged" endpoints.

Lumeta highlights the differences and commonalities into views:

  • Lumeta Only IPs: IP addresses Lumeta knows about, but are unmanaged by Carbon Black
  • Carbon Black Only IPs: IP addresses Carbon Black knows about, but are unknown to Lumeta (e.g., if Lumeta does not have access to a network or an off-network device, but Carbon Black is still aware of the client agent)
     
  • Carbon Black and Lumeta Managed IPs: IP addresses both Lumeta and Carbon Black know about.
     

This information is available in Lumeta via the Endpoint Management Dashboard, as well as reports and maps, facilitating identification and remediation of vulnerable and compromised endpoints.

In reviewing the data on the Lumeta dashboard, users can view Device Details. If the user selects Endpoint Context/Action, it will redirect to the Carbon Black UI where the user can take action to restart, remove, sync, or isolate an endpoint.
 
 

Configuring the Carbon Black Feed

Configure the Carbon Black feed as follows:

  1. On Lumeta's main menu, browse to Settings > Integrations > Other Solutions > Carbon Black
     
  2. Enable the threat feed by moving Active slider to the right.
    The label changes from a red No to a green Yes.
  3. Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily, input 12 to poll twice a day, and so on.
  4. Input your customer key.
  5. Input the IP address of your Carbon Black server.
  6. Click Submit
    Feed is configured.


  • No labels