Real-time Network Visibility and Endpoint Detection & Response
The integration of Carbon Black Endpoint Detection and Response capabilities to Lumeta enables you to know whether hosts on your enterprise network are either unmanaged by Carbon Black or unknown to Lumeta. The integration enables a "deep-link" context switch from Lumeta to the Carbon Black UI, where the user can contain, isolate. and remediate "undefended" endpoints that are vulnerable to cyber attacks. The Carbon Black EDR solution continuously records, centralizes and retains activity from every endpoint to identify attacks and keep a history of an attacker's every action. Lumeta's index of all network devices ensures that Carbon Black is aware of all endpoints requiring deployment of the EDR software, so you can ensure 100% coverage to all hosts.
How Does It Work?
Lumeta accesses the API of Carbon Black (at a polling interval set by the user) and retrieves the inventory of hosts, servers, and other enpoint systems ("Carbon Black managed endpoints").
Lumeta correlates this inventory against Lumeta's authoritative index of IP address space- comparing to advise Carbon Black of any devices where it doesn't see a Carbon Black endpoint indicated on the device, as those would be "undefended/unmanaged" endpoints.
Lumeta highlights the differences and commonalities into views:
This information is available in Lumeta via the Endpoint Management Dashboard, as well as reports and maps, facilitating identification and remediation of vulnerable and compromised endpoints.
In reviewing the data on the Lumeta dashboard, users can view Device Details. If the user selects Endpoint Context/Action, it will redirect to the Carbon Black UI where the user can take action to restart, remove, sync, or isolate an endpoint.
Configuring the Carbon Black Feed