EndpointsA Carbon Black Cloud sensor is installed on every endpoint that the Carbon Black Cloud protects. The sensor communicates with Carbon Black analytics and the Carbon Black Cloud console. USB DevicesYou can gain visibility and control over USB storage devices detected in your environment. In addition, you can create approvals for trusted devices, block untrusted devices, or monitor access to devices. Securing VM WorkloadsYou can secure workloads in your data center using the Carbon Black Cloud console. Sensor GroupsYou can use sensor groups to apply policy settings across mulitple sensors at once. New endpoints in a sensor group are automatically protected by the policy associated with that sensor group. Managing VDI Clones You can now view virtual machine (VM) workloads and virtual desktop infrastructure (VDI) clones as separate types of VMs in the Carbon Black Cloud console. You can initiate and manage sensor registration on clones, and policy assignments from the VDI Clones page of the console. Reviewing Kubernetes WorkloadsYou can review the risk exposure and all related information for your Kubernetes workloads in the Carbon Black Cloud console. Managing Kubernetes ClustersYou can view and manage all K8s clusters communicating in the VMware Carbon Black Cloud console. Working with Kubernetes ScopesGrouping Kubernetes resources by scope provides a foundation for targeted planning of security policies. Securing Kubernetes NetworkYou can get visibility of the network activity for your Kubernetes clusters in the Carbon Black Cloud console. The network map is a graphic representation of all the namespaces and workloads running in the cluster with their ingress and egress traffic. Scanning Container ImagesContainer images are the images in build or deploy stage in your continuous integration environment. You can scan the container images for known vulnerabilities and observe the scan results in the Carbon Black Cloud console, where the images are grouped by image repository.