IN Brief:
- Broadcom has brought Symantec and Carbon Black together in a single cloud-based XDR platform.
- CBX combines endpoint telemetry, data security, secure web gateway functions, and AI-assisted investigation inside one interface.
- The launch signals a broader move toward consolidated security tooling for organisations facing enterprise-grade threats without enterprise-scale SOC resources.
Broadcom has launched Symantec CBX, a cloud-based extended detection and response platform that pulls together technologies from Symantec and Carbon Black in a single operational stack. Rather than presenting the two portfolios as parallel products, CBX turns them into one interface for prevention, detection, investigation, and response.
The platform combines Symantec’s prevention, Adaptive Protection, Data Security, Cloud Secure Web Gateway, and Incident Prediction capabilities with Carbon Black’s endpoint detection and response technology. Broadcom is positioning that mix at organisations that face increasingly sophisticated attacks but do not have the people, time, or budget to run a large security operations centre across multiple disconnected tools.
At platform level, the central idea is signal consolidation. CBX correlates activity across endpoints, networks, data, cloud, and identity, linking events into higher-confidence incidents rather than leaving analysts to work through large alert volumes in isolation. Threat Tracer acts as the main investigative surface, providing a visual path through attacker activity across endpoint, network, email, and cloud environments so teams can see how an intrusion entered, moved, and what it touched.
Broadcom has also built a stronger AI layer into the product than a conventional alert-ranking engine. Incident Prediction is designed to forecast an attacker’s next likely moves, while the SymantecAI Security Assistant supports classification, ransomware behaviour matching, and remediation guidance. Adaptive Protection remains a core element of the stack, aimed at identifying and blocking living-off-the-land activity in which legitimate tools already present in the environment are used to advance an attack.
There is a clear portfolio strategy behind the launch. Broadcom has spent the past several years assembling a substantial security software estate, and CBX is one of the clearest signs yet that integration is moving from ownership structure into product architecture. That matters in mixed environments where devices, data, cloud services, and network edges are already tightly connected, but operational overhead still rises every time another standalone console is added to the mix.
Broadcom said CBX will be available later this year through its Catalyst Partner Program, with a migration path for existing customers. More detail is available on the CBX launch page.
