Built for This Moment (and All Those to Come) Introducing Symantec CBX: Finally, a security platform for smaller teams fighting larger threats

Posted on by Jason Rolleston

Disconnected, vendor-dependent security stacks leave smaller teams blind to threats and overwhelmed by noise they’re not equipped to manage.
Symantec CBX unifies Symantec and Carbon Black capabilities into a cloud-based XDR platform that delivers native telemetry correlation, AI-driven insights and enterprise-grade protections without enterprise-level complexity.
Built for resource-constrained teams, Symantec CBX reduces costs, cuts alert fatigue, accelerates response and gives organizations a long‑overdue advantage against increasingly sophisticated, AI-powered attacks.
See Symantec CBX in action in Booth N-5345 at RSAC 2026 Conference.

It’s time for the cybersecurity industry to face an uncomfortable truth: The tools meant to make organizations safer are often the very systems slowing them down, and sometimes leaving them vulnerable.

The problem is that security stacks are built over time from disparate tools that prevent analysts from seeing the full operating environment. Smaller security teams have relied on vendors to solve the challenge of integrating various products—and too often, vendors have fallen short, making it too difficult to gather and correlate the telemetry needed to understand what’s really happening across endpoints, networks and data.

While large enterprises have the resources to manage and integrate complex security stacks, left behind are the organizations that make up the largest swath of the cybersecurity customer market: smaller, less-resourced security teams that increasingly face AI-powered, enterprise-grade threats but lack the budgets and in-house expertise to implement enterprise-grade defenses. These sophisticated attacks can decimate smaller organizations, turning them into casualties of an escalating cyber war fueled by nefarious AI agents that never miss a day of work.

These security teams don’t just need better tools. They need an advantage. Now they have one.

XDR from the pioneer of EDR

Today, we’re introducing Symantec CBX, a groundbreaking new extended detection and response (XDR) solution that combines all the best capabilities of Symantec and Carbon Black into a unified, cloud-based platform. Symantec CBX is the first new product to integrate features from these two iconic brands. But more importantly, it’s the first fully featured XDR platform built expressly for smaller teams looking to evolve their security protections, but that lack the expertise and resources needed to configure and optimize traditional enterprise-class XDR solutions.

In Symantec CBX, we’ve distilled decades of innovation from Symantec and Carbon Black into a platform that solves the problem of correlating and making sense of telemetry across endpoints, networks and data. Typically, the various tools within security stacks attempt this via API integrations. But those fragmented couplings are often incomplete and leave dangerous gaps in visibility and actionable insight. Security analysts may understand that something is happening—they just don’t always know what it is or what to do about it.

The problem grows worse as attack surfaces expand. Organizations send more and more data to costly SIEM platforms, leading to a waterfall of challenges, from endless false positives that waste analyst time to murky outcomes that frustrate corporate management looking for evidence that security programs are working. These are costs smaller organizations can’t afford.

Symantec CBX solves this by combining into a single cloud platform Symantec’s robust prevention, data security and network security features with Carbon Black’s pioneering EDR technology for deep visibility, exceptional threat detection and rapid response across attack surfaces. Spared from log-centric ingestion, security teams detect incidents more precisely and can act more confidently.

Native correlation is just the beginning

With Symantec CBX, native telemetry correlation sits at the center of a vast array of advanced capabilities that, until today, were available only from multiple point solutions. In CBX, we have integrated breakthrough features from Symantec and Carbon Black that make teams smarter and more efficient. Here’s what security teams can look forward to:

AI that makes life easier for humans at the helm. We’ve strategically deployed AI to deliver meaningful improvements to security workflows, resulting in capabilities that simply aren’t available anywhere else. Take Carbon Black Threat Tracer, which allows any analyst to see all adversary activity in a single pane. (Even junior analysts can understand immediately where attackers came in, how they executed their attack and what data they accessed across endpoint, network, email and cloud environments.) The CBX platform also includes Symantec Adaptive Protection, which uses AI to stop living off the land (LOTL) attacks before they do damage. And Symantec’s Incident Prediction, the groundbreaking feature we introduced last year, predicts an attacker’s next four to five moves so teams can stop threat actors moving laterally to steal data or shut down systems.

More complete insights for faster remediation. Incident Summaries, another AI-powered feature, gathers comprehensive data about incidents and presents them in well-written, intuitive summaries and remediation guidance so any analyst can engage mitigation when and where it makes sense.

Enterprise-grade network and data protections. Drawing from the best of Symantec Secure Web Gateway (SWG) and Symantec DLP solutions, this new XDR platform defends the network and data domains by stopping malicious traffic at the network edge, while packaging data security essentials from our acclaimed DLP offerings to ensure that sensitive data stays where it belongs. Via the integrated Symantec Cloud SWG

Express, this new platform even supports post-quantum computing cryptography protocols, thus shielding organizations from the threat of increasingly common “harvest now, decrypt later” attacks and relieving concerns over the prospect of attackers someday unlocking encrypted data.

Meaningful outcomes and rapid time to value. Security managers are expected to continuously improve their team’s performance, but that’s not easy when disjointed solutions create needless friction and confusion, and multiple dashboards steal time from an already busy day. We built Symantec CBX with the features and unified management console that enable the outcomes security teams need most: driving down SIEM and operational costs, rescuing analysts from alert fatigue, speeding time to resolution, meeting governance requirements and demonstrating progress by improving metrics.

Out-of-the-box policy configurations make CBX easy to implement and deliver immediate value.

The Goldilocks platform for the heart of the market

Symantec CBX is aimed squarely at the heart of the cybersecurity market, empowering and enabling security teams of virtually any size with a platform that puts them first. No other XDR solution is built so specifically for organizations laboring under tight budgets, too few resources, a persistent lack of senior expertise, chronic alert fatigue and the ever-more–daunting threat of AI-powered attacks.

Symantec CBX is the XDR platform for this moment and this market. As the first new solution from Broadcom to integrate capabilities from both Symantec and Carbon Black, CBX is the realization of our strategy to deliver on the “better together” pledge we made when these two legendary brands first came together under Broadcom’s Enterprise Security Group. And it’s the ideal solution for our global network of Catalyst Partners, with their deep regional expertise and close customer relationships, as they help organizations struggling to keep up in an environment of constant change and unrelenting challenges.

Overwhelmed security teams need an advantage, and now they have one.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on Security.com, and is re-published with permission.

Integrated Threat Hunting: A Smarter Path for Stretched Federal SOCs

Posted on by Richard Verwers

Why visibility, automation and collaboration are now mission-critical

Federal Security Operations Center (SOC) teams are under relentless pressure. Teams are increasingly stretched thin as agencies grapple with AI-enhanced threats, Zero Trust requirements and operational mandates like FISMA 2.0. Despite limited staff and growing workloads, though, the mission remains clear: defend critical infrastructure, secure sensitive data and maintain compliance.

For split-second contexts in the face of critical alerts, fragmented tools and siloed data only make matters worse. Analysts lose time switching between platforms. Revalidating and responding to quickly escalating threats takes time away from mission continuity.

Federal SOCs require integrated, intelligence-driven platforms that support end-to-end threat visibility, rapid response and secure information sharing.

Modern Federal SOCs Face Mounting Challenges

Staffing shortfalls are now a systemic issue. The cybersecurity talent gap currently exceeds 5.5 million unfilled roles globally, with Federal agencies competing for a shrinking pool of qualified professionals.

Meanwhile, tool sprawl and console fatigue complicate workflows. Analysts must juggle multiple platforms to correlate data, validate incidents and track lateral movement all while meeting increasingly complex compliance reporting mandates.

Agencies must also contend with:

AI-generated malware that evades signature-based detection
Expanding attack surfaces from hybrid environments and remote endpoints
Escalating compliance expectations tied to FISMA modernization, OMB M-24-14 and Zero Trust architecture maturity

To keep pace, teams need tools that consolidate, correlate and streamline.

Real-time Response Enhances SOC Agility

Threat impact is defined by the time it takes to respond properly. Delayed containment leads to higher costs and increased exposure. That’s why real-time response is now essential to any defensible cybersecurity posture.

Modern endpoint detection and response (EDR) platforms allow teams to:

Isolate compromised endpoints instantly
Terminate malicious processes at the source
Prevent data exfiltration in-flight
Apply automated playbooks for repeatable, standards-based remediation

These capabilities reduce manual intervention and align with CISA’s SOAR guidance, enabling SOCs to act swiftly within a Zero Trust model. For Federal teams, this also supports audit-readiness with timestamped forensic records that meet FISMA and OMB compliance requirements.

Unified Telemetry Accelerates Threat Hunting

Siloed data weakens an analyst’s ability to detect patterns and perform deep investigations. By unifying endpoint telemetry across devices and environments, teams gain access to richer datasets and longer retention windows for root cause analysis.

Carbon Black EDR captures high-fidelity endpoint activity and retains up to 180 days of telemetry, letting teams uncover threats that may have originated weeks or months prior.

With behavior-based analytics, SOCs can move past static signatures and detect anomalies faster. This involves pinpointing lateral movement, privilege escalation and indicators of compromise before damage escalates.

Collaboration and Data Sharing Reduce Operational Risk

Cybersecurity is a team sport, but without integrated data sharing, even the best defenses can fall short. Fragmented environments limit visibility, making it difficult to act on shared intelligence across tools and agency teams.

Integrated platforms streamline threat intelligence sharing through features such as:

The Carbon Black Data Forwarder, which simplifies integration with SIEM/SOAR platforms
API-driven data sharing that supports automation and collaboration
Compatibility with Zero Trust frameworks, particularly the Device Pillar of OMB M-24-14

With cross-environment visibility and collective learning, SOC teams can improve incident response while advancing cybersecurity maturity across the agency.

Work Smarter, Not Harder

Federal SOCs face high-stakes situations where time and clarity are critical and impact lives in real time. Every alert demands focus. Every decision must be defensible. To operate effectively under pressure, teams need platforms that reduce noise, unify workflows and enable smart action.

Carbon Black and Carahsoft help Federal teams do more with less. We empower analysts with the real-time insights and interoperability they need to protect what matters most.

Contact us to learn how your agency can simplify threat detection, response and collaboration with Carbon Black EDR.

Endpoint Detection and Response (EDR) and Federal Cybersecurity Mandates

Posted on by Craig Picken and Elizabeth Schultheisz

Federal cybersecurity mandates are constantly evolving to keep pace with a rapidly changing technological ecosystem, focusing primarily on visibility and record-keeping within software architecture. Endpoint Detection and Response (EDR) remains a steadfast and reliable investigative tool, tracking, alerting to and aiding resolution of suspicious endpoint activity across an agency’s siloed infrastructure.

“Never Trust, Always Verify” With EDR

As malicious actors’ methods and priorities shift the Federal Government’s must evolve as well. Current cybersecurity mandates emphasize a Zero Trust approach, focusing on verifying all end users and devices in near real-time. These mandates should be considered the minimum requirement for an agency’s cybersecurity posture. Agencies should deploy multiple verification and prevention technologies to secure those endpoints.

An effective EDR solution can quickly distinguish between normal and anomalous activity in Federal endpoints. Its continuous monitoring is critical for rapidly assessing a threat before sensitive information can be stolen and leaked. Cyber attackers use sophisticated techniques, including artificial intelligence (AI) to gain an advantage. With EDR, Security Operations Center (SOC) analysts can forensically examine the chain of events and not only resolve an issue but proactively set up safeguards to prevent future incidents.

As the threat landscape evolves, it is important not to get caught up in buzzwords such as “modern” EDR. Typically “modern” means that the solution requires cloud connectivity, which can leave crucial blind spots in areas including air-gapped, limited connectivity or other disadvantaged environments. While new EDR capabilities are always being developed, the fundamental aspects have always remained the same. Visibility, as always, is the most crucial of all. An effective EDR solution is feature-rich, mature and can monitor in diverse environments.

Carbon Black EDR: Visibility on All Fronts

Regarding Public Sector cybersecurity, the primary objective is to protect the entire environment, from air-gapped and cloud environments to end-of-life operating systems. As the founders of EDR, Carbon Black offers a mature solution that can be configured to alert SOC teams to previously unknown, potentially interesting activity. By using open Application Programming Interfaces (APIs), agencies can retain total data sovereignty and pass it off to Security Information and Event Management (SIEM) systems.

Carbon Black EDR offers a full lifecycle cybersecurity solution. The solution proactively and continuously monitors all endpoints and is compatible with multiple integrations. Through watchlists, threat intelligence and other methods, Carbon Black EDR detects anomalous or malicious activity and helps SOC analysts respond through various means. SOC teams can also visualize the progression of the attack through diagrams or timelines. This customizable threat intelligence allows Carbon Black EDR to be a well-rounded solution for any agency looking to align with Federal cybersecurity mandates.

A mature, effective EDR solution always has endpoint activity awareness at the forefront, giving SOC analysts unparalleled visibility into their environment. This focus is crucial, as Federal mandates continue to focus on a Zero Trust approach to cyber security. Increasing your endpoint visibility through EDR not only improves reaction time during a crisis incident but allows SOC teams to proactively prevent future cyberattacks.

Want to learn more about how Carbon Black EDR enhances your endpoint visibility? Contact our Broadcom team at Broadcom@carahsoft.com or visit our website.

How Endpoint Detection and Response (EDR) Creates a Successful Cybersecurity Posture

Posted on by Craig Picken and Elizabeth Schultheisz

Stringent cybersecurity measures are crucial to secure Public Sector operations, and Endpoint Detection and Response (EDR) is a critical tool in that belt. Malicious adversaries range from rogue actors to nation-state-sponsored attacks, and all frequently target specific organizations that deal with highly sensitive data. By itself, EDR can quickly identify abnormal behaviors or code and help the SOC analyst team respond accordingly. When paired with other Security Operations Center (SOC) tools, EDR further broadens SOC visibility and increases operational efficiency. Federal agencies can use that intelligence to not only resolve security breaches, but also proactively adjust their security measures to prevent further incidents.

All Eyes on the Data: EDR and Data Visibility

Visibility is a fundamental tenet of EDR. When SOC teams have access to data that is current and actionable, they can make calculated, proactive decisions and respond appropriately in crisis scenarios. An effective EDR tool will monitor existing data, detect anomalous behavior and respond to threats in real time.

Data from across multiple sources is recorded and compared against watch lists that SOC analysts can use to search for anomalous activities. Additionally, known threat vectors are continuously monitored in near real-time, and analysts are automatically alerted to suspicious behavior. EDR looks at all endpoint activity, not just individual data silos, and presents that raw data to SOC analysts in a usable, searchable manner.

Efficiency and Data Quality: Two Sides of the Same Coin

It is not just the quantity of data SOC teams can access that matters; the quality of the data is just as crucial. Chief Information Security Officers (CISOs) and SOC teams need to make fast, defensible decisions in both routine and crisis scenarios. Analysts do not have the time to sift through all alert activity and determine those that need immediate response. An effective EDR solution allows for tuning of watchlists to prioritize alerts. By receiving higher fidelity alerts, SOC analysts optimize time spent investigating and providing real-time response by isolating endpoints or acting directly to terminate suspicious processes.

It is not enough for security alerts to be prioritized; if the information is unreliable or incomplete, any analyses or flags extrapolated from that data are virtually worthless. A data-based EDR solution allows SOC analysts to resolve issues quickly, reducing the risk of faulty decisions.

Carbon Black EDR: The Premier Option

After observing the need for security and visibility in endpoints, Carbon Black was founded and pioneered EDR. Its open architecture with Application Programming Interfaces (APIs) makes it possible to correlate the data with other SOC tools, such as network, identity, endpoint protection and data protection tools. Additionally, Carbon Black EDR can integrate with different security products, including Security Information and Event Management Systems (SIEMS). This holistic vision allows SOC teams to understand the entire lifecycle of potential attacks, and accurate data ensures that analysts know exactly what, where and how an incident occurred.

This layered approach to cybersecurity is especially valuable to the Public Sector. Many Federal teams work in multiple siloed or air-gapped networks, and each of these networks have different functions. Carbon Black EDR has the flexibility to be deployed in multiple environments and tailored to their individual operations.

Want to learn more about how Carbon Black EDR can elevate your cybersecurity posture? Contact our Broadcom team at Broadcom@carahsoft.com or visit our website.

Securing Air-Gapped and Classified Environments: The Importance of Customized Endpoint Protection

Posted on by Garrett Lee

Military and intelligence agencies manage extremely sensitive information, and their missions often require them to operate in high-risk environments where even the slightest breach of security or sensitive data exposure means disastrous results to the mission and to national security. Their most vital networks are air-gapped—disconnected from the internet—so cloud-native security tools cannot secure these sensitive assets.

There is a myriad of reasons organizations choose to air-gap their systems. To effectively secure classified networks, weapons systems, tactical field systems and critical infrastructure, agencies are faced with the challenge of building and maintaining a security strategy involving endpoint, network and data security defenses that can deliver strong cyber command and control without relying on internet connectivity.

No Single Strategy is 100% Attack Proof

Physically or logically isolating networks into air-gapped networks is a sound security strategy that defense, intelligence and civilian agencies employ to prevent access to sensitive or classified systems and operations. Yet their isolation alone is not enough to ensure air-tight security.

While air-gapping does reduce remote risk, it is not exactly immune to cyber risk. Air-gapped environments are designed to block external adversaries by isolating networks from the internet or a broader enterprise. But that isolation inevitably shifts risk toward the people who do have access—admins, operators, contractors, maintenance staff and trusted vendors. By eliminating one problem, there is often an unintended consequence of risk—by blocking outsiders, threat likelihood from insiders becomes concentrated.

In most air-gapped environments, a small set of users has elevated access. Patching and updates are slow, and monitoring is limited or entirely local to the air-gapped network. Due to the isolation of the systems, physical presence is required, increasing insider impact. This makes insiders the most capable attack vector—whether through malicious or simply negligent behavior.

Air-gapped environments make heavy use of Universal Serial Bus (USB), compact disks (CDs), digital versatile disks (DVDs), portable Solid-State Drives (SSDs) and sneakernet to move data from system to system, and to apply updates and patches. This offers the opportunity for tampering, and these environments often lack the continuous monitoring needed to spot and stop these risks, resulting in threat detection gaps and delays. A mature data protection strategy is vital in air-gapped environments to thwart insider threats.

Because air gapped systems rely entirely on local security measures, organizations must build layered, robust defenses to secure classified and sensitive assets. Local protection is everything, and for high-risk agencies that means monitoring and securing every single endpoint.

How Endpoint Protection Fills the Gaps

Endpoint protection is a broad term describing technology and strategies used to secure end-user devices, such as laptops, computers and mobile devices. Since these devices get the most direct human interaction while housing vital data, they are exceptionally vulnerable to cyberattacks, even in air-gapped networks. To avoid critical breaches, security operators must be able to detect, prevent and respond to threats on each endpoint device in any given environment, especially when they interact with classified data.

Many organizations are turning to cloud-native endpoint security solutions that depend upon cloud-based machine learning for anomaly detection. While these endpoint security tools may be suitable for some systems and some environments, they depend on the cloud to function so they cannot operate in disconnected or air-gapped environments. This opens security gaps, leaving devices vulnerable to cyberattacks and insider threats. Security teams can solve this problem by investing in endpoint protection approaches that are well-suited to air-gapped environments, enabling the visibility and control necessary to safeguard these critical systems.

The Benefits of Customizable Endpoint Protection

The ability to tailor security for nuanced policy control and security monitoring—including specific configurations for user roles, device types or classification levels—is crucial to ensure a strong security posture. Endpoint security solutions must also be established independently from the cloud, to run behavioral analytics even in fully isolated network enclaves.

When a threat occurs, detailed information is vital to protecting high-value assets, and robust air-gapped endpoint security systems enable rapid identification and threat mitigation while providing analysts with forensic data for investigation. This critical context also informs refinements to tailor and optimize the security approach for the environment’s unique mission.

Implementing a Zero Trust approach is still vital to reducing threats to air-gapped environments, just as it is in internet-facing networks. Hardening systems by ensuring only trusted software can execute enables the mission but not an attacker.

Safeguarding the data from insider threats is another important element of a mature air-gapped security operation. Data Loss Prevention (DLP) offers an important countermeasure against cybersecurity risk in air-gapped environments and allows security teams the ability to ensure that organizational data is appropriately controlled.

Two Industry Leaders, One Unbreakable Line of Defense

Defense and intelligence agencies cannot afford to leave gaps from security tooling that is unsuitable to defend disconnected networks and endpoints. They need an endpoint security suite built for their world—one that delivers advanced security capabilities to offline, high-stakes and mission critical IT systems. Symantec and Carbon Black deliver exactly that: proven protection designed for Federal environments.

Both solutions are purpose-built for Government, but each brings its own strengths to the field:

Symantec delivers powerful static and dynamic malware analysis, plus built-in USB device management to automatically flag and quarantine malicious media. Symantec also offers an industry-leading DLP solution well-suited to air-gapped environments where ensuring data is properly safeguarded is mission-critical.
Carbon Black provides deep behavioral detection and advanced Endpoint Detection and Response (EDR), capturing forensic logs, watchlists tuned to the unique environment and analytics to support detailed investigations. Carbon Black also enables organizations to establish a positive security model with policy-based governance to ensure their systems only execute trusted software and use only allowed removable media devices.

Joined together, renowned brands Symantec and Carbon Black offer proven, mature solutions to safeguard air-gapped environments and data by providing visibility to identify threats and streamline investigations and protection policies to neutralize threats. Their combined detection and granular visibility close the gaps left by cloud-reliant platforms—especially necessary in disconnected air-gapped and bandwidth-constrained environments—giving agencies the command and control they need to stop threats before they compromise the mission.

Watch the expert webinar to hear how Department of War guest speakers are addressing their endpoint security gaps.

Can’t get enough? Download NextGov/FCW’s latest article for deeper insights on the fight to secure air-gapped environments.

| Carahsoft

Tag Archives: Carbon Black