The integration of Carbon Black Endpoint Detection and Response capabilities to Lumeta enables you to know whether hosts on your enterprise network are either unmanaged by Carbon Black or unknown to Lumeta. The integration enables a "deep-link" context switch from Lumeta to the Carbon Black UI, where the user can contain, isolate. and remediate "undefended" endpoints that are vulnerable to cyber attacks. The Carbon Black EDR solution continuously records, centralizes and retains activity from every endpoint to identify attacks and keep a history of an attacker's every action. Lumeta's index of all network devices ensures that Carbon Black is aware of all endpoints requiring deployment of the EDR software, so you can ensure 100% coverage to all hosts.
How Does It Work?
Lumeta accesses the API of Carbon Black (at a polling interval set by the user) and retrieves the inventory of hosts, servers, and other endpoint systems ("Carbon Black managed endpoints").
Lumeta correlates this inventory against Lumeta's authoritative index of IP address space- comparing to advise Carbon Black of any devices where it doesn't see a Carbon Black endpoint indicated on the device, as those would be "undefended/unmanaged" endpoints.
Lumeta highlights the differences and commonalities into views:
- Lumeta Only IPs: IP addresses Lumeta knows about, but are unmanaged by Carbon Black
- Carbon Black Only IPs: IP addresses Carbon Black knows about, but are unknown to Lumeta (e.g., if Lumeta does not have access to a network or an off-network device, but Carbon Black is still aware of the client agent)
- Carbon Black and Lumeta Managed IPs: IP addresses both Lumeta and Carbon Black know about.
