Environment
- Carbon Black Cloud Sensor: All supported versions.
Question
How does Carbon Black Cloud protect endpoints?
Answer
Part of that answer lies in the proprietary software that can not be disclosed.
This link provides a very good overview:
Moving Endpoint Security to Carbon Black Cloud
Additionally:
Devices that are online benefit from the full-functionality of Carbon Black Cloud. If a device is offline/in an environment without internet access, it is still protected in the following ways:
- Cached reputations from previous cloud look-ups/background scan
- Local AV scan (if enabled)
- Policy rules still apply. Adding not_listed and unknown policy rules help protect against zero-day malware.
- A device offline will not benefit from new cloud reputation look-ups or cloud analytics.