?

Carbon Black App Control

Bookmark
Solution Overview
Highly targeted assets demand perfect security, but can’t afford loss in performance. Critical systems are increasingly targeted because they contain the most valuable information. These systems cannot afford a moment of unscheduled downtime or performance degradation as they are the lifeblood of the organization. They often run on out-of-date or unsupported operating systems, which are costly to secure and support. The most common approach to defending these systems typically relies on layering multiple, ineffective security products, which is costly, creates risk and jeopardizes performance.

Carbon Black App Control is used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates. Leveraging cloud reputation services, IT-based trust policies and multiple sources of threat intelligence from the VMware Carbon Black CloudTM, Carbon Black App Control ensures that only trusted and approved software is allowed to execute on an organization’s critical systems and endpoints.

Goals & Objectives

This scheduled lab environment provides an overview of the features and functionality of VMware's Carbon Black App Control solution. Understand how this solution combines application whitelisting, file integrity monitoring, full-featured device control and memory/tamper protection into a single agent. 

Learn about the benefits this solution provides:

  • Stop malware, ransomware and next-gen attacks
  • Eliminate unplanned downtime of critical systems
  • Consolidate endpoint agents
  • Prevent unwanted change to system configuration
  • Meet IT risk and audit controls across major regulatory mandates
  • Increase efficiency of IT resources with streamlined IT audit processes
  • Protect legacy systems running on unsupported operating systems
  • App Control is now a direct control for requirement 5 of PCI DSS

Hardware & Software

This lab consists of the following hardware and software:

Software 
  • VMware Carbon Black App Control

Server Devices
  • 1x Windows Jumphost (Windows Server 2016).
  • 1x Generic Server (Windows Server 2012).
  • 1x Generic Server (Windows Server 2016).
  • 1x Generic Server (Red Hat Enterprise Linux 7).
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).

Client Devices 
  • 1x Attack Client (Windows 10 Enterprise).
  • 1x Generic Client (Windows 7 Enterprise).
  • 1x Attack Host (Kali Linux 2018).

Technologies