The Carbon Black App Control architecture consists of the following components:

  • Carbon Black App Control Server software provides central file security management, event monitoring, and a live inventory of files of interest on all agent systems.
  • Carbon Black App Control Agent software runs on servers, desktops, laptops, virtual machines and fixed-function devices. It monitors files and either blocks or permits their execution based on security policy settings. It also reports new executable and script files to the Carbon Black App Control Server and enforces other rules you configure.
  • Carbon Black App Control includes an API that allows programmers to write code to interact with Carbon Black App Control, either using custom scripts or from other applications.
  • Carbon Black App Control can also be integrated with third-party products. This includes external analytics products such as Splunk and network security products such as those from Palo Alto Networks.
  • Carbon Black App Control is part of a platform which also includes:
      • Carbon Black File Reputation, which compares new files introduced on computers running the Carbon Black App Control Agent and Carbon Black EDR sensor to a database of known files, providing information on threat level, trust factor, and software categorization. If you choose, you can use trust information to automatically approve files in Carbon Black App Control.
      • Carbon Black EDR, which provides incident response and threat hunting capabilities. It continuously records and centralizes all endpoint activity, giving Incident Responders, SOC analysts, and MSSPs complete, real-time information for identifying the root cause of an attack, hunting anomalous behavior, and isolating threats. If you choose, you can configure Carbon Black App Control to receive file information and watchlist events from Carbon Black EDR.