Cyber Legends: Behind the Scenes of CBX

An exclusive Cyber Legends interview with Arjun Narang, one of the experts behind the unified security platform everyone’s buzzing about

  • Drowning in signals and disconnected stacks, many security teams are overwhelmed with noise they’re not equipped to handle fast enough for the current threat landscape.
  • Symantec CBX unites the best capabilities from Symantec and Carbon Black for one AI-driven, enterprise-grade XDR platform that even a junior analyst can put into action. 
  • Built for resource-constrained teams and overburdened SOCs, CBX simplifies security, reduces costs, cuts alert fatigue, and gives organizations the long-awaited advantage against sophisticated AI-powered attacks.   

These days, every SOC is drowning in signals. 

Endpoints. Cloud workloads. Network telemetry. Threat intelligence feeds. Every system generates vast amounts of data—and buried inside that mountain of information are early indicators of the next breach.

The biggest challenge, especially for smaller, under-resourced teams, is turning these signals into informed decisions before attackers make their move. With increasingly sophisticated, AI-powered threats knocking at every organization’s door, the window for response shrinks. 

That’s why Symantec and Carbon Black designed Symantec CBX, a unified extended detection and response (XDR) platform that correlates telemetry across multiple control points to deliver unparalleled prevention, detection, and response. 

In this episode of Cyber Legends, we talk with Arjun Narang, one of the many experts behind this brazen new XDR platform, to understand how CBX became the answer so many have been waiting for and what makes it perfect for this new era of cybersecurity. 

What inspired CBX? How did we get here?

In the rush to jump on the XDR bandwagon, vendors overlooked a major need in the market: Smaller organizations lacking the resources of large enterprises, which, thanks to AI and dark web ransomware kits, are facing the same threats that the big guys face. In their efforts to secure their endpoints, networks, and data, these less-resourced organizations just relied on vendors to provide APIs to bring together telemetry data into a single view. But that approach only served to club together unrelated data, leaving gaps in visibility that could make environments less safe.

We saw that opportunity and then looked at what we could offer: Carbon Black’s EDR and threat hunting capabilities, combined with Symantec’s endpoint protection, network security defenses, and core data protection. Building a unified solution that brings all these capabilities together would provide: 

  • Native data correlation so security teams can deliver quantifiable outcomes that satisfy management and compliance officers;
  • Dynamic prevention that leverages all your environmental security signals with AI-powered capabilities so your environment can adapt to constantly changing threats; and
  • Intuitive investigation so analysts can see and understand the full scope of an attack.  

So we took those capabilities and integrated them into a single platform that delivers complete visibility into all telemetry data, and then correlates that data into AI-driven insights that enable security analysts at all levels, not just senior experts, to speed up remediation and get operations back to square one as quickly as possible.

What makes CBX stand apart? 

We have the distinct advantage of building on the long and celebrated histories of our two cybersecurity brands: Symantec and Carbon Black. (Symantec was founded in 1982 to focus on AI and natural language processing, and Carbon Black began as Bit9 in 2002, eventually pioneering EDR.) Combining these well-respected brands puts us in a unique position compared to any other vendor in the market. There aren’t many companies that have held mature endpoint, network, and data security solutions under the same portfolio for multiple years. Symantec has been in that position for several years now—with the foundations of CBX already underway to bring all those solutions into one management stack. The addition of Carbon Black into this portfolio gave us the final piece of the puzzle: a robust EDR telemetry engine to correlate signals across multiple vectors.

Historically, robust XDR was built for large, well-resourced organizations that have the staff, budget, and expertise to configure and maintain complex stacks—often with customized integrations. The vast majority of organizations don’t have those resources, so everyone except the top of the market has to rely on a proliferation of tools that integrate via vendor APIs, which can leave gaps in telemetry data and visibility. 

That all changes with CBX. Not only does CBX gather data covering three major domains, but it also natively correlates that data into meaningful insights that give security teams clear, helpful direction on attacks that are underway—and how to shut them down. In addition to surfacing crucial alerts for limited teams to focus on, CBX also accelerates threat hunting, investigations, and remediations.

Featuring capabilities entirely unique to us, this new platform incorporates key features of Symantec and Broadcom innovations, including:

  • Incident Prediction. Predict an attacker's most likely next four to five moves, blocking any opportunity for lateral movement before they can switch tactics.
  • Adaptive Protection. Stop living off the land (LOTL) attacks by automatically blocking unusual behaviors of legitimate software and OS utilities. 
  • Threat Tracer. Give your teams an interactive, visual view of the attack chain, so even junior analysts can see how an attack evolved and what was targeted.

I have to add: While we definitely have industry-leading solutions, we also have the experts behind them. Together, these strengths enable us to build an XDR product with true correlation across different telemetry types, tied into strong prevention capabilities, and built across multiple vectors.

What pain points did the team have in mind when building CBX?

Plenty. Alert fatigue, analyst burnout, gaps in telemetry and visibility, a lack of data protections… I mean, data security is often simply ignored by smaller organizations. Then there’s tool sprawl, administrative complexity, strict new compliance measures every year, the general inability to understand the true blast radius of an attack, an incapacity to detect and shut down aberrant use of legitimate tools and software that can lead to LOTL attacks, difficulty correlating telemetry data across endpoints, networks, and data…it’s a long list. And CBX addresses every single one of them.

What elements of CBX are you most excited for people to see?

Frankly, I’m excited to show the market that Symantec and Carbon Black are not “legacy” brands. We are innovators—the first vendor to build the XDR solution that the market has been asking all of us to build for years now. Think less “legacy” and more “legendary.”

Beyond that, there’s our AI integrations. See, we have unique capabilities that are powered by AI, but these don’t just leverage AI for AI’s sake. They’re purposefully designed to help humans at the helm. These capabilities were previously only available in other point solutions from Symantec and Carbon Black, and now we’re introducing them within CBX. I’m talking about Incident Prediction, Adaptive Protection, and Threat Tracer, all groundbreaking capabilities I described earlier. 

We’re also introducing CBX with key Incident Summaries capabilities to surface plain-language write-ups of threat and attack investigations that even junior analysts can use to respond quickly and decisively. These AI-powered defenses have already demonstrated what a big impact they have on everyday operations, and now they’re all available under one single console.

How does it feel to have been a key part of the development of the first Symantec + Carbon Black solution?

It feels terrific, because this is the realization of what we first set out to do when Broadcom brought Carbon Black together with Symantec. We’re delivering on the vision of XDR that was set out years ago. 

Symantec CBX also delivers on the promise of “enterprise-grade security for all.” We’re bringing together legendary industry-leading security products across endpoint, network, and data security to provide a true “better together” solution. And anyone who has done something similar before knows what a remarkable, exciting achievement that is.

CBX wasn’t built in a day 

Legendary defenses aren’t rushed. They’re forged over decades—through research, innovation, collaboration, and the constant trial by fire of a tumultuous threat landscape. 

When organizations and resource-strapped security teams spoke of the challenges they faced every day, Symantec and Carbon Black heard the call and combined their industry-defining solutions into one powerful enterprise-grade security platform. 

The conversation about enterprise-grade security for all doesn’t end here. CBX Fest, a five-part webinar series, unpacks each facet of Symantec CBX—starting with the first installment, Introducing the Unified Security Platform You’ve Been Waiting For. Register and see how CBX simplifies security and returns the advantage back to your teams.