Carbon Black custom rules

 

Bit9, now called Carbon Black (Cb) Protection Enterprise, is a utility that intentionally blocks any application that has not been authorized to execute on the system. Carbon Black Protection is a whitelisting tool that allows the creation of rules to control file executions on monitored systems. Stanford University IT is actively working on implementing Carbon Black Protection in our environment. It is an additional security tool alongside firewalls and anti-virus applications.

 

Carbon Black works by continuously monitoring all file system activity on the server, providing a real-time response and blocking potential threats. We can whitelist applications by creating event rules and custom rules. This article covers best practices for creating custom rules, and why and when we need them.