- Process tree view of endpoint activity
- Ability to pull files from host
- Threat Intelligence integration
- Isolate a host
- Needs more defensive abilities
Carbon Black EDR (formerly Cb Response) is an incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. Carbon Black EDR records and stores endpoint activity data so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the VMware Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior.
VMware acquired Carbon Black October 2019.