Continuous recording and analysis of endpoint activity is required to detect and respond to today’s complex threat landscape. This collection and analysis of endpoint information allows organizations to detect, respond to, and remediate incidents.
Carbon Black EDR is a continuous real-time endpoint monitoring, collection, processing, and analytics solution that manages very large amounts of data and demands a unique hardware infrastructure. Carbon Black EDR is a big data solution and is similar to netflow or data aggregation products in function and processing demands. Carbon Black EDR is unlike a typical database-driven web app. It is not uncommon for database sizes to grow beyond 10TB; Carbon Black EDR often processes and analyzes billions of data points of information per day.
Insufficient or inappropriate hardware configurations account for the majority of performance-related issues that Carbon Black EDR customers encounter. A properly-configured system ensures that Carbon Black EDR delivers the highest-possible user experience. Therefore, we require conformance to our server sizing guidance. Carbon Black Support and Professional Services teams cannot assist with performance-related issues until the deployment conforms to the recommendations in this guide.
This document is designed with our customers’ success as the top priority. We make a concerted effort to ensure that this guide receives the appropriate attention by all stakeholders, including those from IT, SecOps, database management, and datacenter teams. Alignment across stakeholders helps ensure an on-time deployment and minimal time-to-value.
This document will guide you to the necessary hardware and storage configurations to provide a great experience, and put your organization in the best posture possible. We look forward to working with you to design an infrastructure that meets your specific needs.