
3 Steps to Win Quickly With Carbon Black App Control

Start fast and strong as you implement default/deny

Advanced threats and targeted attacks are on the rise—and so are their consequences. In 2023, organizations faced a 70% surge in compromises compared to the previous year, and an alarming 2,600% increase in supply chain attacks since 2018. It’s clear that a set-it-and-forget-it solution is no longer enough to secure your endpoints. Antivirus (AV) software and other traditional mitigations simply can’t defend against advanced threats and targeted attacks. 

Here’s why: These traditional solutions take a negative security approach to defending your infrastructure. They use known malware and threat signatures to identify threats to your software, files, data and people. But this “known bad” approach can fail when new threats emerge rapidly. 

While AV and other endpoint security solutions are an absolute must, organizations can benefit from a positive security model to supplement and bolster the protection they gain from negative security tools.

Application control uses a positive security approach by denying all software and file usage by default, and allowing them to run only once you’ve established they can be trusted. You’ll recognize this as a quintessential component of the Zero Trust model, allowing only “known good” software and files.

Remove the friction

While highly effective, application control is not always a frictionless technology. It requires security personnel, company end users and management to think differently about security. But when done right, application control can help organizations protect their most important assets and become more efficient, accountable and productive in the process. 

And efficiency adds up. According to The Forrester Total Economic Impact™ Of Carbon Black App Control study, commissioned by Carbon Black, organizations that implemented Carbon Black App Control experienced optimized productivity worth a net present value (NPV) of $1.10M, with a 207% return on investment (ROI).

The truth is, no matter how open or dynamic your environment, there’s a straightforward path to success with application control, although that path will likely be different for each organization. It depends largely on the level of enforcement you are willing to impose, the amount of resources you want to commit to setting up your application control environment and your capacity to work with stakeholders to help them understand the importance of this essential new level of protection.

There are ways to make that process easier. Carbon Black App Control was designed to allow you to get to work quickly and start better protecting your environment—without months of delay configuring your solution.

Get up and running fast: 3 ways to win

Carbon Black App Control offers low, medium and high levels of enforcement. We’ve found nearly 97 percent of our customers want to get to high enforcement (the most effective) right out of the gate. But our top recommendation: Begin at the beginning. Start in low enforcement and work your way through medium to high to achieve real security gains, allow your team and users to see benefits and experience wins, and build in room for adjusting to these new processes. 

The road to high enforcement and security success looks different for every organization, but here are three approaches we’ve seen customers take to realize wins fast.

1. Automate your approval mechanisms. 

Carbon Black App Control comes with a suite of approval mechanisms that are built right into the console. Remember, our application control solution does not rely on a library or “list” of files to maintain, which can easily become outdated. Instead, App Control employs a trust-based approach to content approval, consisting of multiple mechanisms that allow file approval without having to maintain a list of hashes to approve. 

Achieving a positive security posture is faster and easier through our granular mechanisms:

  • IT & cloud-driven trust provides trusted directories and threat/reputation from the cloud.
  • Trusted publishers let you choose to trust Google, Adobe, VMware or other sources you trust.
  • Custom rules provide more granular control, allowing files to be approved by path, process, and users.
  • Event rules mean external sources can send new and unknown files for static or dynamic analysis, and then approve or ban based on the results.

2. Implement the 90% strategy. 

Our experience shows that policies implemented as part of the primary trust strategy will often approve 90 percent or more of the relevant files right away. For the remaining 10 percent, we then leverage a data-centric, iterative approach that allows us to identify the additional use cases that generate the most files and affect the most machines. Field-tested design patterns for many use cases, and a straightforward syntax for creating rules, enable additional policies.

3. Get started on one or two added protections.  

Unlike traditional application control products, Carbon Black App Control also offers File Integrity Monitoring and File Integrity Control, Device Control, Registry Protection and Memory Protection. Choose among these to engage a couple of additional protection layers based on your security needs:

  • Catalog all executable content. This is foundational and gives you visibility into every software asset in the environment. 
  • Take control of removable storage. Track USB drives and other devices to control the file operations that users can perform on them, a critical feature as USB-based malware attacks have surged nearly sixfold since 2019.
  • Protect Windows system processes. Monitor attempts to access a process on a Windows computer and protect the process from being accessed or altered by any other processes. 
  • Defend the Windows Registry. Prevent modifications to the Windows Registry to prevent malware persistence, meet compliance requirements, and prevent damage that can be difficult or impossible to reverse.

Carbon Black App Control can help you combat advanced and targeted attacks by securing your critical systems, preventing unwanted changes and ensuring continuous compliance with regulatory mandates. By implementing a positive security model with App Control, you can continuously protect your business against cyber-threats that evade traditional security measures.

For more information, read the whitepaper: Application Control: Observations and Strategies for Success.  


About the Author

Alisha Smith

Head of Product Marketing, Enterprise Security Group at Broadcom

Alisha Smith is the head of product marketing for Broadcom’s Enterprise Security Group, which offers cybersecurity solutions from Symantec and Carbon Black.
