Protect your endpoints and unify IT security in one solution.
How Do I Sign Up?
Follow these steps to start recording endpoint activity data:
Step 1
Sign up for a free Armor demo.
Step 2
Log in to Armor EDR.
Step 3
Purchase your licenses in the Armor Management Portal (AMP).
Step 4
Install Armor Anywhere and the EDR subagent on the desired machines.
Product Overview
Incident Detection and Incident Response for Hybrid Deployments
Armor's Endpoint Detection and Response (EDR) is an advanced security detection and incident response solution delivering continuous visibility to Security Operations and Incident Response teams across an organization's end user IT estate. EDR can be installed on laptops, desktops, and servers, giving Customers a 360-degree detailed overview of endpoint activity.
EDR provides next-generation endpoint protection, identifying suspicious activities and events, and performing validation on detected threats, along with identifying anomalies and suspicious behavior patterns. The EDR product also provides next-gen anti-virus technologies to prevent malicious executables from firing in your environment.
Features
Continuous Visibility
You can't stop what you can't see.
Investigations that typically take days or weeks can be completed in just minutes. EDR collects and visualizes comprehensive information about endpoint events, giving security professionals unparalleled visibility into their environments.
Scale the Hunt
Never hunt the same threat twice.
EDR combines custom and cloud-delivered threat intel, automated watchlists and integrations with the rest of your security stack to efficiently scale your hunt across even the largest of enterprises.
Respond Immediately
The days of constantly reimaging are over.
An attacker can compromise your environment in an hour or less. EDR gives you the power to respond and remediate in real time from anywhere in the world. EDR makes it easy to quickly contain threats and repair the damage to keep your business going.
Pricing
Pricing for EDR is per license purchased with an initial minimum of 25 licenses.
EDR Technical Information
Currently, Armor is only operating on CB Cloud v3.5.1 for the following Windows operating systems:
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10
Note: We are not supporting Windows 11 at this time.
LINUX
Currently, Armor is only operating on CB Cloud v2.8.0 for the following Linux operating systems:
OS | Version |
---|---|
CentOS | 7.X, 8.X |
RHEL | 6.X, 7.X, 8.X |
... | 16.X, 18.X, 20.X |
... | 2 |
... | 6.X, 7.X |
... | 12, 15 |
... | 9, 10 (untested) |
MacOS
Currently, Armor is only operating on CB Cloud v3.5.1 for the following Mac operating systems:
- macOS High Sierra
- macOS Mojave
- macOS Catalina
- macOS Big Sur
  - Installation on Big Sur requires special instructions; see the documentation.
Note: We are not supporting MacOS 12 Monterey at this time.
Configure firewalls or proxies to allow outgoing and incoming connections to the following destinations without packet inspection, per https://www.dell.com/support/article/en-us/sln319296/vmware-carbon-black-cloud-endpoint-sensor-system-requirements?lang=en
Function | Primary Port | Backup Port | Destination |
---|---|---|---|
Administration | 443 | 54443 | defense-prod05.conferdeploy.net/ |
Client | 443 | 54443 | ... |
Integration Services (API) | 443 | 54443 | ... |
Signature Updates | 443 | N/A | ... |
Online Certificate Status Protocol | 80 | N/A | ... |
Certificate Revocation List | 80 | N/A | ... |
Configure TCP/443 and TCP/54443 for the below destinations as well.
Backend URL | API URL | Sensor URL |
---|---|---|
https://defense.conferdeploy.net | ... | ... |
https://defenseprod05.conferdeploy.net | https://apiprod05.conferdeploy.net | https://devprod05.conferdeploy.net |
https://defenseeu.conferdeploy.net | https://apiprod06.conferdeploy.net | https://devprod06.conferdeploy.net |
https://defenseprodnrt.conferdeploy.net | https://apiprodnrt.conferdeploy.net | https://devprodnrt.conferdeploy.net |
Signature URLs:
- http://updates2.cdc.carbonblack.io/update2 (TCP/80, default definition update server)
- https://updates2.cdc.carbonblack.io/update2 (TCP/443, default definition update server for sensor versions 3.3+)
Third-party certificate validation URLs (sensor version 3.3+: optional but recommended and on by default):
- http://ocsp.godaddy.com (TCP/80, Online Certificate Status Protocol [OCSP])
- http://crl.godaddy.com (TCP/80, Certificate Revocation List [CRL])
...
CPU: 2GHz multi-core
RAM: 2GB
Disk Space: 500MB (+600MB if local scanning is enabled or using ThreatHunter)
Network Card: 100/1000 Mbps
Linux systems additionally need 100 MB of free space on the /opt partition and 4.1 GB free on the /var partition.
Network
TLS: 1.2 or later
Minimum network usage during light use is 1k bytes/sec for reads and writes each.
Primary port 443 and failover port 54443
The firewall or proxy should be configured with a bypass rule to allow outgoing connections over TCP/443 as well as Cb Defense's alternate port TCP/54443.
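A pre-install reachability check for the network requirements above, as an added example rather than Armor or Carbon Black tooling: it tries the primary port, falls back to the backup port, requires TLS 1.2 or later, and flags a certificate issued by an inspecting proxy. The hostnames and ports are taken from this page; `inspection_cas` and the CA name `Example Corp Proxy CA` are assumptions to replace with your own proxy's issuing CA.

```python
import socket
import ssl

# (host, primary port, backup port or None, TLS expected): hosts/ports as listed on this page.
DESTINATIONS = [
    ("defense-prod05.conferdeploy.net", 443, 54443, True),
    ("updates2.cdc.carbonblack.io", 443, None, True),
    ("ocsp.godaddy.com", 80, None, False),
    ("crl.godaddy.com", 80, None, False),
]

def tcp_probe(host, port, timeout=5.0):
    """Plain TCP connect; raises OSError when the path is blocked."""
    with socket.create_connection((host, port), timeout=timeout):
        return "tcp", ""

def tls_probe(host, port, timeout=5.0):
    """TLS 1.2+ handshake; returns (negotiated version, issuer organization)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return tls.version(), issuer.get("organizationName", "")

def check(dest, inspection_cas=(), probe_tls=tls_probe, probe_tcp=tcp_probe):
    """Try the primary port, then the backup port; flag certificates issued by
    a TLS-inspecting proxy CA (names in inspection_cas are supplied by you)."""
    host, primary, backup, wants_tls = dest
    probe = probe_tls if wants_tls else probe_tcp
    errors = []
    for port in (primary, backup):
        if port is None:
            continue
        try:
            version, issuer = probe(host, port)
        except ssl.SSLCertVerificationError as exc:
            # Untrusted chain: often an inspecting proxy re-signing the session.
            return {"host": host, "port": port, "status": "cert-untrusted", "detail": str(exc)}
        except OSError as exc:  # refused, timed out, DNS failure, TLS below 1.2
            errors.append(f"{port}: {exc}")
            continue
        status = "inspected" if issuer in inspection_cas else "ok"
        return {"host": host, "port": port, "status": status, "detail": f"{version} {issuer}".strip()}
    return {"host": host, "port": None, "status": "blocked", "detail": "; ".join(errors)}

if __name__ == "__main__":
    for d in DESTINATIONS:
        print(check(d, inspection_cas=("Example Corp Proxy CA",)))
```

Run it from a machine on the same network segment and proxy path as the endpoints that will host the sensor; a status other than `ok` points at the firewall or proxy rule to fix before installation.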