Network security

Carbon black: Endpoint security [product review]

Graeme Messina
December 1, 2018 by
Graeme Messina

Carbon Black Endpoint Security is an effective and user-friendly endpoint solution for user devices such as PCs and laptops. It features malware protection that keeps threats at bay while protecting your network and computer systems from hackers and viruses.

Carbon Black seeks to transform cybersecurity through the use of big data and analytics, combined with cloud technologies. They have recognized that mobile devices and cloud technologies have moved the goal posts as far as endpoint security is concerned, prompting them to develop a proactive approach to threats.

Learn Network Security Fundamentals

Learn Network Security Fundamentals

Build your skills with seven hands-on courses covering network models and protocols, wireless and mobile security, network security best practices and more.

Carbon Black Endpoint Security uses online hashes to detect malware and virus incidents in your local environment, which means that most organizations that implement it are stunned to find multiple incidents of previously undetected malware. This is a great way for your team to learn how to adapt to Carbon Black Endpoint Security while also developing new incident response routines.

Carbon Black Endpoint protection offers solutions to all of your organization's security needs and uses a series of individual services that run locally on your private network as well as remotely in the cloud.

These services include:

  • Predict and Prevent: Finds new and existing malware and protects systems
  • Capture and Analyze: Carbon Black uses predictive cloud technology and storage
  • Quick Response: Detection and response capabilities work in real time
  • Operate at Scale: Automation enables mass deployment and task completion

Key features

The individual components that make up Carbon Black’s protection products enable it to defend against both emerging and known threats, giving endpoint users the confidence and assurance that their IT systems are protected and safe at all times. We will look at each individual component and explore what each one does.

Predict and prevent

Carbon Black understands that today’s cybercriminals are at the forefront of innovation when it comes to developing malware and viruses, which means that they can rapidly develop and deploy new threats faster than ever before. Traditional antivirus and endpoint solutions are simply unable to keep up with the pace, and inevitably end up in a reactive stance against malware, viruses and hackers.

Carbon Black is able to stay one step ahead of this disturbing trend by using an advanced predictive model that is based in the cloud, which uncovers malicious behavior before it manifests itself as a surprise attack or infection across your network. It is able to stop malware and ransomware and can even help to stop non-malware-based attacks. It prevents attacks without you needing to do a thing, automatically stopping threats as they occur whether the system is online or offline.

Capture and analyze

Carbon Black’s Predictive Security Cloud is able to capture and store a wide range of system metrics in an unfiltered form from each and every endpoint that is plugged into the system, which gives it a massive data set to work with. When combined, this data can help paint a picture of what is happening on many different levels, from local or individual systems to a macro overview of a network or region.

This helps Carbon Black to identify emerging threats that haven’t yet broken the surface, where traditional anti-malware and antivirus software usually fails. This is because it is able to store and record the complete records of each endpoint, even if it goes offline. The system is able to analyze all of the endpoint activity against signatures of known behavior and reputation, which are compared to over 110 known behaviors that are commonly used by attackers.

Quick response

Carbon Black Endpoint Security is equipped with an industry-leading detection and response system that allows it to reveal suspicious and threatening behavior in real time. This allows you and your team to decide on the urgency and speediness of your threat response, and how long you have in order to contain the threat as quickly as possible. Once the threat has been identified, you and your team can respond accordingly.

Operate at scale

If you compare Carbon Black: Endpoint Security to traditional products you will find that antivirus software has a few distinct disadvantages. Carbon Black automates tasks such as deployment, updating and threat detection. This makes it a simple solution to deploy to your environment, regardless of size. It scales well across large networks and uses minimal system resources on endpoint computers. Users can expect 1% CPU and hard disk usage, so performance impact is practically unnoticeable.

The open API lets Carbon Black fit in with your environment, allowing customization and integration with your systems. Real-time sensors make it easy for your IT team to detect and manage threats with almost no effort, which is excellent news for system admins.

SecurityIQ awareness education

SecurityIQ is an on-demand training program that has been developed by InfoSec Institute to allow organizations to upskill and train employees to handle the situation whenever an incident is triggered. The idea of an on-demand alert for training is important if you want to turn a disaster situation into a teachable moment for the rest of the organization. The system uses micro-training as a way to instill proper real-world training with actual threat scenarios.

The REST API used as the integration protocol by Security IQ is implemented within Carbon Black and lets the two systems work together. If real-world, onsite training is a concern for your company at present, then this is the right solution for you and your organization.



Carbon Black offers protection that is highly-advanced and cloud-based, with real-time detection that will give your team enough time to respond effectively. Thanks to the large volumes of data that Carbon Black analyzes and sorts through, you will be in a much better position than if you were to use an outdated antivirus solution on its own.

Carbon Black is able to integrate with SecurityIQ so that your users come away with new knowledge about how they can keep their systems safe from malware, viruses and attackers. By combining SecurityIQ with Carbon Black, users can not only be protected, but educated in the event that something slips through the net. IT security is like health care: always critical, but prevention is better than cure.

Learn Network Security Fundamentals

Learn Network Security Fundamentals

Build your skills with seven hands-on courses covering network models and protocols, wireless and mobile security, network security best practices and more.

Want to read more? Check out some of our other articles, such as:


Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.