Carbon Black App Control is an industry-leading application control product, used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates. Combining a trust-based and policy-driven approach to application control with real-time threat intelligence, Carbon Black App Control continuously monitors and records all endpoint and server activity to prevent, detect and respond to cyber-threats that evade traditional security defenses. With open APIs and a broad partner ecosystem, Carbon Black App Control provides exceptional flexibility to seamlessly integrate with both in-house and third-party tools.

How the default deny is applied to all devices and functions protected by App Control.

Best Possible Protection – With Carbon Black App Control, administrators can stop attacks before they occur. Leveraging Carbon Black App Control's proactive "Default-Deny" prevention capability, Carbon Black App Control can lock down systems to stop malware, ransomware, zero-day, and non-malware attacks.

Instant Visibility – Once installed, the Carbon Black App Control Agent provides administrators with real-time visibility into all executable-type files running across their environment. Working with the Carbon Black File Reputation, the Carbon Black App Control Agent provides administrators with trust ratings and actionable intelligence to easily identify and automatically take action against those files most likely to be malicious.

Continuous Compliance – The cost of compliance is outpacing any other spending in IT. Carbon Black App Control makes regulatory and policy compliance easier and less costly with built-in file integrity monitoring, device control, and powerful change control.

Simplified Software ApprovalCarbon Black App Control has many trust mechanisms to help simplify the approval of software. Software can be automatically approved by IT-driven trust mechanisms via software distribution systems, patch management solutions, and application auto-updates. Software can also be automatically approved by cloud-driven trust, such as software reputation and publisher trust using our Carbon Black File Reputation or via file analysis services.

Rapid ConfigsCarbon Black App Control includes pre-built rule sets that provide advanced threat detection and prevention delivered from the cloud. These rule sets can detect and prevent malicious activity across endpoints in an organization's environment with minimal effort. Some of the Rapid Configs that we've released include OS Hardening, Browser Protection, and MS Office Protection.

Open API ArchitectureCarbon Black App Control's open architecture helps organizations integrate with the entire security stack to automate and simplify the security process. Through its RESTful API and broad partner integration ecosystem, Carbon Black App Control provides organizations with unmatched openness and extensibility to integrate their security solutions for improved automation, reporting and faster security response times, via third-party security products (SIEM, Network, Endpoint, Operations) or custom in-house tools.

Using Carbon Black App Control, you can:

  • Stop malicious software by blocking known viruses, trojans, application exploits, and custom and targeted attacks
  • Stop zero-day threats by allowing only approved software to run
  • Create rules to monitor and control access to the Windows registry
  • Create rules to stop “living-off-the-land” attacks that use PowerShell and other scripting tools
  • Create memory rules to monitor and control access to specific processes on Windows computers
  • Create file integrity monitoring and control rules to prevent or report access to critical, non-executable system configuration files
  • Reduce the burden of compliance through streamlined audits, activity monitoring, violation notification, and policy enforcement
  • Use Carbon Black File Reputation service to identify and classify the risk associated with the software discovered in your environment using reputation services, and to automatically approve files or publishers considered trusted by the service
  • Prevent data theft and leakage by auditing and controlling the transfer of sensitive data to attached storage devices on Windows and Mac computers
  • Create rules to approve or ban file execution on storage devices by model or serial number on Windows and Mac computers
  • Monitor drift away from a baseline of files to minimize risk, identify needed remediations, maintain compliance, and reduce support costs
  • Monitor threats using advanced threat indicators, Carbon Black App Control events, file details, and alerts.
  • Automate file- and computer-related actions based on incoming events.
  • Use the OpenAPI to integrate third-party network, endpoint, SIEM, and analytic security products and services with the Carbon Black App Control Server for notifications and analysis.
  • Export Carbon Black App Control data for use by external analytics products such as Splunk.