Built for This Moment (and All Those to Come) Introducing Symantec CBX: Finally, a security platform for smaller teams fighting larger threats

Posted on by Jason Rolleston

Disconnected, vendor-dependent security stacks leave smaller teams blind to threats and overwhelmed by noise they’re not equipped to manage.
Symantec CBX unifies Symantec and Carbon Black capabilities into a cloud-based XDR platform that delivers native telemetry correlation, AI-driven insights and enterprise-grade protections without enterprise-level complexity.
Built for resource-constrained teams, Symantec CBX reduces costs, cuts alert fatigue, accelerates response and gives organizations a long‑overdue advantage against increasingly sophisticated, AI-powered attacks.
See Symantec CBX in action in Booth N-5345 at RSAC 2026 Conference.

It’s time for the cybersecurity industry to face an uncomfortable truth: The tools meant to make organizations safer are often the very systems slowing them down, and sometimes leaving them vulnerable.

The problem is that security stacks are built over time from disparate tools that prevent analysts from seeing the full operating environment. Smaller security teams have relied on vendors to solve the challenge of integrating various products—and too often, vendors have fallen short, making it too difficult to gather and correlate the telemetry needed to understand what’s really happening across endpoints, networks and data.

While large enterprises have the resources to manage and integrate complex security stacks, left behind are the organizations that make up the largest swath of the cybersecurity customer market: smaller, less-resourced security teams that increasingly face AI-powered, enterprise-grade threats but lack the budgets and in-house expertise to implement enterprise-grade defenses. These sophisticated attacks can decimate smaller organizations, turning them into casualties of an escalating cyber war fueled by nefarious AI agents that never miss a day of work.

These security teams don’t just need better tools. They need an advantage. Now they have one.

XDR from the pioneer of EDR

Today, we’re introducing Symantec CBX, a groundbreaking new extended detection and response (XDR) solution that combines all the best capabilities of Symantec and Carbon Black into a unified, cloud-based platform. Symantec CBX is the first new product to integrate features from these two iconic brands. But more importantly, it’s the first fully featured XDR platform built expressly for smaller teams looking to evolve their security protections, but that lack the expertise and resources needed to configure and optimize traditional enterprise-class XDR solutions.

In Symantec CBX, we’ve distilled decades of innovation from Symantec and Carbon Black into a platform that solves the problem of correlating and making sense of telemetry across endpoints, networks and data. Typically, the various tools within security stacks attempt this via API integrations. But those fragmented couplings are often incomplete and leave dangerous gaps in visibility and actionable insight. Security analysts may understand that something is happening—they just don’t always know what it is or what to do about it.

The problem grows worse as attack surfaces expand. Organizations send more and more data to costly SIEM platforms, leading to a waterfall of challenges, from endless false positives that waste analyst time to murky outcomes that frustrate corporate management looking for evidence that security programs are working. These are costs smaller organizations can’t afford.

Symantec CBX solves this by combining into a single cloud platform Symantec’s robust prevention, data security and network security features with Carbon Black’s pioneering EDR technology for deep visibility, exceptional threat detection and rapid response across attack surfaces. Spared from log-centric ingestion, security teams detect incidents more precisely and can act more confidently.

Native correlation is just the beginning

With Symantec CBX, native telemetry correlation sits at the center of a vast array of advanced capabilities that, until today, were available only from multiple point solutions. In CBX, we have integrated breakthrough features from Symantec and Carbon Black that make teams smarter and more efficient. Here’s what security teams can look forward to:

AI that makes life easier for humans at the helm. We’ve strategically deployed AI to deliver meaningful improvements to security workflows, resulting in capabilities that simply aren’t available anywhere else. Take Carbon Black Threat Tracer, which allows any analyst to see all adversary activity in a single pane. (Even junior analysts can understand immediately where attackers came in, how they executed their attack and what data they accessed across endpoint, network, email and cloud environments.) The CBX platform also includes Symantec Adaptive Protection, which uses AI to stop living off the land (LOTL) attacks before they do damage. And Symantec’s Incident Prediction, the groundbreaking feature we introduced last year, predicts an attacker’s next four to five moves so teams can stop threat actors moving laterally to steal data or shut down systems.

More complete insights for faster remediation. Incident Summaries, another AI-powered feature, gathers comprehensive data about incidents and presents them in well-written, intuitive summaries and remediation guidance so any analyst can engage mitigation when and where it makes sense.

Enterprise-grade network and data protections. Drawing from the best of Symantec Secure Web Gateway (SWG) and Symantec DLP solutions, this new XDR platform defends the network and data domains by stopping malicious traffic at the network edge, while packaging data security essentials from our acclaimed DLP offerings to ensure that sensitive data stays where it belongs. Via the integrated Symantec Cloud SWG

Express, this new platform even supports post-quantum computing cryptography protocols, thus shielding organizations from the threat of increasingly common “harvest now, decrypt later” attacks and relieving concerns over the prospect of attackers someday unlocking encrypted data.

Meaningful outcomes and rapid time to value. Security managers are expected to continuously improve their team’s performance, but that’s not easy when disjointed solutions create needless friction and confusion, and multiple dashboards steal time from an already busy day. We built Symantec CBX with the features and unified management console that enable the outcomes security teams need most: driving down SIEM and operational costs, rescuing analysts from alert fatigue, speeding time to resolution, meeting governance requirements and demonstrating progress by improving metrics.

Out-of-the-box policy configurations make CBX easy to implement and deliver immediate value.

The Goldilocks platform for the heart of the market

Symantec CBX is aimed squarely at the heart of the cybersecurity market, empowering and enabling security teams of virtually any size with a platform that puts them first. No other XDR solution is built so specifically for organizations laboring under tight budgets, too few resources, a persistent lack of senior expertise, chronic alert fatigue and the ever-more–daunting threat of AI-powered attacks.

Symantec CBX is the XDR platform for this moment and this market. As the first new solution from Broadcom to integrate capabilities from both Symantec and Carbon Black, CBX is the realization of our strategy to deliver on the “better together” pledge we made when these two legendary brands first came together under Broadcom’s Enterprise Security Group. And it’s the ideal solution for our global network of Catalyst Partners, with their deep regional expertise and close customer relationships, as they help organizations struggling to keep up in an environment of constant change and unrelenting challenges.

Overwhelmed security teams need an advantage, and now they have one.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on Security.com, and is re-published with permission.

Keep More, Store Less: The Case for Advanced Compression in Federal EDR

Posted on by Richard Verwers

How agencies can retain full-fidelity data without overspending on storage

Endpoint detection and response (EDR) depends on data. The more telemetry you collect, the more context you have to detect threats, investigate incidents and meet Federal compliance requirements.

But data volume is also the problem. Federal agencies generate massive amounts of endpoint telemetry every day. Process activity. File changes. Network connections. User behavior. Multiply that across thousands of devices and storage requirements quickly grow beyond what many teams can sustain.

Security teams often face a difficult tradeoff: retain full-fidelity data and absorb higher storage costs, or limit retention and risk losing critical visibility.

That tradeoff is no longer necessary. Advanced data compression changes the economics of endpoint visibility. Agencies can retain unfiltered telemetry for extended periods without expanding storage budgets or adding operational complexity.

The Visibility–Storage Tradeoff is No Longer Sustainable

Federal cybersecurity requirements continue to raise the bar for telemetry collection and retention. Agencies must support Zero Trust initiatives, continuous monitoring programs and audit readiness. Modernization efforts increase the number of connected endpoints, including cloud workloads, remote systems and contractor-managed devices. Each new endpoint expands the telemetry footprint.

At the same time, budgets remain under scrutiny. Storage infrastructure must compete with other mission priorities and security leaders must justify every dollar. When storage costs climb, teams often respond in predictable ways:

Reduce retention windows
Sample or filter telemetry
Drop lower-priority event types
Offload data to external archives that are difficult to query

Each of these approaches creates blind spots. Shorter retention windows limit historical investigations and filtered data weakens threat hunting while fragmented storage slows response times.

In a threat context where adversaries can dwell quietly for months, incomplete data is a liability. Agencies need a way to collect and retain comprehensive telemetry without creating unsustainable storage growth.

Compression-First Architectures Improve Data Retention

Traditional security platforms treat compression as an afterthought. Data is collected at scale, stored in raw or lightly optimized formats and compressed later in the pipeline. By then, infrastructure costs are already locked in.

A compression-first architecture takes a different approach. Advanced compression techniques reduce data size at ingest. Telemetry is optimized as it enters the platform, not after it has consumed storage resources. The result is a significantly smaller storage footprint without sacrificing fidelity. For Federal security operations centers (SOCs), this shift has meaningful impact:

Longer retention without higher cost – Agencies can retain 180 days or more of full-fidelity telemetry while remaining within budget constraints.
Unfiltered visibility – Teams do not need to decide in advance which data might matter later. They can keep it all.
Faster investigations – Optimized storage enables efficient querying across large datasets, supporting threat hunting and incident response.
Simplified architecture – Native compression reduces the need for external storage tiers or complex archival systems.

Instead of managing tradeoffs, security teams regain flexibility.

Full-Fidelity Data Supports Compliance and Zero Trust

Federal mandates increasingly require measurable security maturity. Continuous monitoring, device-level visibility and documented audit trails are central to that effort, and retention depth matters.

When agencies can access complete endpoint histories, they strengthen their ability to:

Validate Zero Trust controls within the device pillar
Reconstruct events during forensic investigations
Demonstrate compliance with evolving Federal security requirements
Support reporting obligations tied to vulnerability and risk management

Short retention windows make it harder to answer fundamental questions: When did this behavior begin? Was lateral movement attempted? Did similar activity occur on other systems?

With compressed full-fidelity data, those questions become easier to answer and teams can look back months, not days. This level of historical visibility supports stronger analytics, more informed risk decisions and more defensible reporting.

Cost Efficiency Matters Under Federal Scrutiny

Every Federal technology investment must demonstrate operational value. Advanced compression directly addresses cost concerns in several ways:

Reduces total storage consumption
Delays or eliminates additional infrastructure purchases
Lowers operational overhead tied to managing multiple storage systems
Minimizes data movement between tiers

At the same time, it strengthens the overall security posture by preserving data that might otherwise be discarded. This combination of efficiency and depth is particularly important for agencies balancing modernization initiatives with budget discipline.

Security cannot become a cost center that expands without limit. It must scale responsibly. Compression-first EDR architecture supports that balance.

The Federal security community no longer needs to accept a compromise between cost and visibility. Advanced data compression enables agencies to:

Collect unfiltered endpoint telemetry
Retain data for extended periods
Support Zero Trust maturity
Strengthen investigative capabilities
Maintain fiscal discipline

As agencies define the next standard for Federal EDR, data strategy must be part of the conversation. Retention, accessibility and efficiency determine whether telemetry delivers long-term value.

Carbon Black and Carahsoft help Federal agencies adopt a compression-first approach to endpoint detection and response, so teams can keep more data, store less and operate with confidence.

Contact us to learn how your agency can adopt a compression-first approach to endpoint visibility while staying within budget.

Integrated Threat Hunting: A Smarter Path for Stretched Federal SOCs

Posted on by Richard Verwers

Why visibility, automation and collaboration are now mission-critical

Federal Security Operations Center (SOC) teams are under relentless pressure. Teams are increasingly stretched thin as agencies grapple with AI-enhanced threats, Zero Trust requirements and operational mandates like FISMA 2.0. Despite limited staff and growing workloads, though, the mission remains clear: defend critical infrastructure, secure sensitive data and maintain compliance.

For split-second contexts in the face of critical alerts, fragmented tools and siloed data only make matters worse. Analysts lose time switching between platforms. Revalidating and responding to quickly escalating threats takes time away from mission continuity.

Federal SOCs require integrated, intelligence-driven platforms that support end-to-end threat visibility, rapid response and secure information sharing.

Modern Federal SOCs Face Mounting Challenges

Staffing shortfalls are now a systemic issue. The cybersecurity talent gap currently exceeds 5.5 million unfilled roles globally, with Federal agencies competing for a shrinking pool of qualified professionals.

Meanwhile, tool sprawl and console fatigue complicate workflows. Analysts must juggle multiple platforms to correlate data, validate incidents and track lateral movement all while meeting increasingly complex compliance reporting mandates.

Agencies must also contend with:

AI-generated malware that evades signature-based detection
Expanding attack surfaces from hybrid environments and remote endpoints
Escalating compliance expectations tied to FISMA modernization, OMB M-24-14 and Zero Trust architecture maturity

To keep pace, teams need tools that consolidate, correlate and streamline.

Real-time Response Enhances SOC Agility

Threat impact is defined by the time it takes to respond properly. Delayed containment leads to higher costs and increased exposure. That’s why real-time response is now essential to any defensible cybersecurity posture.

Modern endpoint detection and response (EDR) platforms allow teams to:

Isolate compromised endpoints instantly
Terminate malicious processes at the source
Prevent data exfiltration in-flight
Apply automated playbooks for repeatable, standards-based remediation

These capabilities reduce manual intervention and align with CISA’s SOAR guidance, enabling SOCs to act swiftly within a Zero Trust model. For Federal teams, this also supports audit-readiness with timestamped forensic records that meet FISMA and OMB compliance requirements.

Unified Telemetry Accelerates Threat Hunting

Siloed data weakens an analyst’s ability to detect patterns and perform deep investigations. By unifying endpoint telemetry across devices and environments, teams gain access to richer datasets and longer retention windows for root cause analysis.

Carbon Black EDR captures high-fidelity endpoint activity and retains up to 180 days of telemetry, letting teams uncover threats that may have originated weeks or months prior.

With behavior-based analytics, SOCs can move past static signatures and detect anomalies faster. This involves pinpointing lateral movement, privilege escalation and indicators of compromise before damage escalates.

Collaboration and Data Sharing Reduce Operational Risk

Cybersecurity is a team sport, but without integrated data sharing, even the best defenses can fall short. Fragmented environments limit visibility, making it difficult to act on shared intelligence across tools and agency teams.

Integrated platforms streamline threat intelligence sharing through features such as:

The Carbon Black Data Forwarder, which simplifies integration with SIEM/SOAR platforms
API-driven data sharing that supports automation and collaboration
Compatibility with Zero Trust frameworks, particularly the Device Pillar of OMB M-24-14

With cross-environment visibility and collective learning, SOC teams can improve incident response while advancing cybersecurity maturity across the agency.

Work Smarter, Not Harder

Federal SOCs face high-stakes situations where time and clarity are critical and impact lives in real time. Every alert demands focus. Every decision must be defensible. To operate effectively under pressure, teams need platforms that reduce noise, unify workflows and enable smart action.

Carbon Black and Carahsoft help Federal teams do more with less. We empower analysts with the real-time insights and interoperability they need to protect what matters most.

Contact us to learn how your agency can simplify threat detection, response and collaboration with Carbon Black EDR.

Endpoint Detection and Response (EDR) and Federal Cybersecurity Mandates

Posted on by Craig Picken and Elizabeth Schultheisz

Federal cybersecurity mandates are constantly evolving to keep pace with a rapidly changing technological ecosystem, focusing primarily on visibility and record-keeping within software architecture. Endpoint Detection and Response (EDR) remains a steadfast and reliable investigative tool, tracking, alerting to and aiding resolution of suspicious endpoint activity across an agency’s siloed infrastructure.

“Never Trust, Always Verify” With EDR

As malicious actors’ methods and priorities shift the Federal Government’s must evolve as well. Current cybersecurity mandates emphasize a Zero Trust approach, focusing on verifying all end users and devices in near real-time. These mandates should be considered the minimum requirement for an agency’s cybersecurity posture. Agencies should deploy multiple verification and prevention technologies to secure those endpoints.

An effective EDR solution can quickly distinguish between normal and anomalous activity in Federal endpoints. Its continuous monitoring is critical for rapidly assessing a threat before sensitive information can be stolen and leaked. Cyber attackers use sophisticated techniques, including artificial intelligence (AI) to gain an advantage. With EDR, Security Operations Center (SOC) analysts can forensically examine the chain of events and not only resolve an issue but proactively set up safeguards to prevent future incidents.

As the threat landscape evolves, it is important not to get caught up in buzzwords such as “modern” EDR. Typically “modern” means that the solution requires cloud connectivity, which can leave crucial blind spots in areas including air-gapped, limited connectivity or other disadvantaged environments. While new EDR capabilities are always being developed, the fundamental aspects have always remained the same. Visibility, as always, is the most crucial of all. An effective EDR solution is feature-rich, mature and can monitor in diverse environments.

Carbon Black EDR: Visibility on All Fronts

Regarding Public Sector cybersecurity, the primary objective is to protect the entire environment, from air-gapped and cloud environments to end-of-life operating systems. As the founders of EDR, Carbon Black offers a mature solution that can be configured to alert SOC teams to previously unknown, potentially interesting activity. By using open Application Programming Interfaces (APIs), agencies can retain total data sovereignty and pass it off to Security Information and Event Management (SIEM) systems.

Carbon Black EDR offers a full lifecycle cybersecurity solution. The solution proactively and continuously monitors all endpoints and is compatible with multiple integrations. Through watchlists, threat intelligence and other methods, Carbon Black EDR detects anomalous or malicious activity and helps SOC analysts respond through various means. SOC teams can also visualize the progression of the attack through diagrams or timelines. This customizable threat intelligence allows Carbon Black EDR to be a well-rounded solution for any agency looking to align with Federal cybersecurity mandates.

A mature, effective EDR solution always has endpoint activity awareness at the forefront, giving SOC analysts unparalleled visibility into their environment. This focus is crucial, as Federal mandates continue to focus on a Zero Trust approach to cyber security. Increasing your endpoint visibility through EDR not only improves reaction time during a crisis incident but allows SOC teams to proactively prevent future cyberattacks.

Want to learn more about how Carbon Black EDR enhances your endpoint visibility? Contact our Broadcom team at Broadcom@carahsoft.com or visit our website.

How Endpoint Detection and Response (EDR) Creates a Successful Cybersecurity Posture

Posted on by Craig Picken and Elizabeth Schultheisz

Stringent cybersecurity measures are crucial to secure Public Sector operations, and Endpoint Detection and Response (EDR) is a critical tool in that belt. Malicious adversaries range from rogue actors to nation-state-sponsored attacks, and all frequently target specific organizations that deal with highly sensitive data. By itself, EDR can quickly identify abnormal behaviors or code and help the SOC analyst team respond accordingly. When paired with other Security Operations Center (SOC) tools, EDR further broadens SOC visibility and increases operational efficiency. Federal agencies can use that intelligence to not only resolve security breaches, but also proactively adjust their security measures to prevent further incidents.

All Eyes on the Data: EDR and Data Visibility

Visibility is a fundamental tenet of EDR. When SOC teams have access to data that is current and actionable, they can make calculated, proactive decisions and respond appropriately in crisis scenarios. An effective EDR tool will monitor existing data, detect anomalous behavior and respond to threats in real time.

Data from across multiple sources is recorded and compared against watch lists that SOC analysts can use to search for anomalous activities. Additionally, known threat vectors are continuously monitored in near real-time, and analysts are automatically alerted to suspicious behavior. EDR looks at all endpoint activity, not just individual data silos, and presents that raw data to SOC analysts in a usable, searchable manner.

Efficiency and Data Quality: Two Sides of the Same Coin

It is not just the quantity of data SOC teams can access that matters; the quality of the data is just as crucial. Chief Information Security Officers (CISOs) and SOC teams need to make fast, defensible decisions in both routine and crisis scenarios. Analysts do not have the time to sift through all alert activity and determine those that need immediate response. An effective EDR solution allows for tuning of watchlists to prioritize alerts. By receiving higher fidelity alerts, SOC analysts optimize time spent investigating and providing real-time response by isolating endpoints or acting directly to terminate suspicious processes.

It is not enough for security alerts to be prioritized; if the information is unreliable or incomplete, any analyses or flags extrapolated from that data are virtually worthless. A data-based EDR solution allows SOC analysts to resolve issues quickly, reducing the risk of faulty decisions.

Carbon Black EDR: The Premier Option

After observing the need for security and visibility in endpoints, Carbon Black was founded and pioneered EDR. Its open architecture with Application Programming Interfaces (APIs) makes it possible to correlate the data with other SOC tools, such as network, identity, endpoint protection and data protection tools. Additionally, Carbon Black EDR can integrate with different security products, including Security Information and Event Management Systems (SIEMS). This holistic vision allows SOC teams to understand the entire lifecycle of potential attacks, and accurate data ensures that analysts know exactly what, where and how an incident occurred.

This layered approach to cybersecurity is especially valuable to the Public Sector. Many Federal teams work in multiple siloed or air-gapped networks, and each of these networks have different functions. Carbon Black EDR has the flexibility to be deployed in multiple environments and tailored to their individual operations.

Want to learn more about how Carbon Black EDR can elevate your cybersecurity posture? Contact our Broadcom team at Broadcom@carahsoft.com or visit our website.

| Carahsoft

Tag Archives: EDR