Toward zero days of cyber exploits

By Davina Armstrong-Cruz

The modern workforce has changed in many ways over the years: from how we access data, to what devices we use, to perhaps the biggest change—the priority we must give to cybersecurity.

Over the past several years, zero-day exploits and other cyberattacks have increased across all industries. Factors that may heighten security vulnerability are as common as users traveling, working from home, and accessing data hosted in the cloud. There might be a case in which a user is a local administrator on their work machine. What can you do to make yourself and your enterprise less vulnerable? If you were to run into a zero-day exploit right now, how might it be handled?

A typical tactic is to isolate machines and user accounts so that they will not access anything outside the norm. However, that does not really help stop a zero-day exploit. A zero-day exploit could disguise itself as a Windows executable such as explorer.exe. Sure, it might have a different hash, but what if it looked and acted like explorer.exe and went unnoticed? Ordinary antivirus is just not sufficient to protect organizations from advanced threats and targeted attacks. That’s why application control is a great added layer to any organization’s cybersecurity strategy.

Now, you might be thinking, “Application control? Isn’t that like SCCM or Workspace ONE UEM?” No. When we talk about application control, we’re referring to locking down an application’s access to other folders, directories, and applications. It’s like creating an accept/allow list so that an application may be able to touch only x, y, and z.

Of course, some application-control software can be maddeningly complicated and convoluted: You must meticulously add each accept/allow policy for every application. Not so with VMware’s Carbon Black Application Control. You can easily add the agent into your environment and let it learn your typical applications and what they touch. Once the assessment period is over, you just log into the portal and click “allow” and you’re done with that application. If the software accesses a file that it never has before, it will deny the action and log it for your review. At that point you could allow the action or have it continue to deny. It’s as straightforward as that.
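
The hash-versus-name point and the learn-then-enforce workflow described above can be sketched as a toy allow list. This is an added illustration, not Carbon Black App Control code or its API; the AppControl class, its methods, the byte strings standing in for executables, and the folder paths are all constructed assumptions.

```python
import hashlib

# Constructed stand-ins for executable images (not real binaries).
GENUINE = b"constructed bytes standing in for the real explorer.exe"
IMPOSTOR = b"constructed bytes for a look-alike that is also named explorer.exe"


class AppControl:
    """Toy allow list: a binary is identified by SHA-256, never by file name."""

    def __init__(self):
        self.learning = True   # assessment period: observe and record
        self.allowed = {}      # sha256 -> set of targets that binary may touch
        self.denied_log = []   # (file name, sha256 prefix, target) for review

    def access(self, name, image, target):
        digest = hashlib.sha256(image).hexdigest()
        if self.learning:
            self.allowed.setdefault(digest, set()).add(target)
            return True
        if target in self.allowed.get(digest, set()):
            return True
        self.denied_log.append((name, digest[:12], target))
        return False

    def approve(self, image, target):
        """Reviewer decision: allow an action that was previously denied."""
        digest = hashlib.sha256(image).hexdigest()
        self.allowed.setdefault(digest, set()).add(target)


def demo():
    ac = AppControl()
    ac.access("explorer.exe", GENUINE, r"C:\Users")   # seen while learning
    ac.learning = False                                # switch to enforcement
    results = {
        "genuine_known": ac.access("explorer.exe", GENUINE, r"C:\Users"),
        "impostor_same_name": ac.access("explorer.exe", IMPOSTOR, r"C:\Users"),
        "genuine_new_target": ac.access("explorer.exe", GENUINE, r"C:\Finance"),
    }
    ac.approve(GENUINE, r"C:\Finance")
    results["genuine_after_approve"] = ac.access("explorer.exe", GENUINE, r"C:\Finance")
    return results, ac.denied_log


if __name__ == "__main__":
    print(demo())
```

The look-alike is denied even though its file name matches, because the decision is keyed on the hash; the genuine binary is also denied when it touches a folder it never touched during learning, until a reviewer approves it.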

Carbon Black App Control is designed to enable security-operation teams to lock down new and legacy systems against unwanted change, to simplify the compliance process, and to provide protection for corporate systems.

Key benefits of leveraging VMware Carbon Black App Control:

Locking down critical systems

You can harden new and legacy systems against unwanted changes. This helps stop zero-day, malware, ransomware, and non-malware attacks. It also prevents unauthorized change with file-integrity monitoring, device control, and memory protection.

Continuous compliance

Maintain continuous compliance for key frameworks like PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. You can also monitor critical activity to assess risk and maintain system integrity. Create change-control and application-control policies to secure end-of-life systems.

High performance

Carbon Black App Control is an easily scalable application-control solution. It uses cloud-based reputation and detonation to enable fast decisions about which software to trust. App Control also comes with out-of-the-box templates for easy deployments. It also automatically trusts software deployed by IT; thus, you can be confident with blocking the “bad” and allowing the “good” without interrupting operations.

Reach out to Sterling to learn more about the VMware Carbon Black Suite. Our engineers can assist you in setting up Carbon Black Application Control and deploying enhanced defense against malicious cyber activity: https://sterling.com/client-to-cloud-journey-request/
