VMware Carbon Black Cloud Endpoint Lab

Solution Overview

Protect your organization and customer data with an easy-to-manage, cloud-native endpoint protection platform (EPP) that combines prevention and automated detection to defend your organization from today’s advanced cyber attacks.

The VMware Carbon Black Cloud Endpoint is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution that protects against the full spectrum of modern cyber attacks. Using the VMware Carbon Black Cloud’s universal agent and console, the solution applies behavioral analytics to endpoint events to streamline detection, prevention and response to cyber attacks.

Goals & Objectives

This self-directed, on-demand environment provides an overview of the features and functionality of VMware's cloud-enabled endpoint security platform. Understand how to analyze endpoint activity, adapt prevention to evolving threats and automate your response to disrupt cyberattacks from a cloud-native platform and universal agent.

Learn about the benefits this solution provides:

  • Protection from known and unknown attacks.
  • Clear alerts and prioritization of potential attacks.
  • Easier investigation into security incidents.
  • Faster mean time to resolution (MTTR).
  • Reduced overhead; no infrastructure required.

Hardware & Software

This lab consists of the following hardware and software:


  • VMware Carbon Black Cloud Endpoint Standard
  • VMware Carbon Black Audit & Remediation
  • VMware Carbon Black Enterprise EDR
  • VMware Carbon Black App Control


  • 1x Windows Jumphost (Windows Server 2016)
  • 1x Windows Domain Controller (Windows Server 2016)
  • 1x Windows File Server (Windows Server 2016)
  • 1x Generic Server (CentOS 7)
  • 3x Generic Client (Windows 7 Enterprise)
  • 1x Attack Host (Kali Linux 2020)