Application whitelisting Carbon Black Product

DCIM_Support · ‎2020-07-05

This question was originally posted on DCIM Support by Paul Bartholomew on 2019-06-10

Hi

I have an email from a customer that has DCE and DCO, and is about to deploy some protection software by Carbon Black. He has some questions about the whitelisting function regarding our software. Can anyone shed any light on the subject. I have pasted his email below:

At the future point in time when Application Whitelisting agents are deployed to the Woodside OT fleet, the software you supply/support will need to be added to a whitelist to ensure its continued operation.

At this stage we're not seeking any involvement from your organisation on the OT Cyber Resiliency Project, other than we would like you to:

Notify us, if your organisation has had previous experience (at other customers sites), in enabling your software/hardware in conjunction with any Application Whitelisting toolsets.
Notify us, if your organisation has had previous experience (at other customer sites), in enabling your software/hardware in conjunction specifically with the CB Protection toolset.
Send us any Lessons Learnt logs your organisation has from previous experience in making your software/hardware operate under an Application Whitelisting toolset.
Advise us of any Best Practice your organisation has in regards to making your software/hardware operate under an Application Whitelisting regime.

DCIM_Support · ‎2020-07-05

This answer was originally posted on DCIM Support by Steven Marchetti on 2019-06-10

Hi Paul,

I don't understand enough about the application itself to provide a precise answer. If as I imagine this is a software installed on the operating system to monitor it like an anti-virus, it can not be installed on StruxureWare DCE. DCE is a "Black Box" and nothing can be installed on the system. Although I don't have enough info on DCO, I would imagine it would potentially cause issues there as well. Additionally, if there is something trying to connect to the systems, there is little to no info that can be obtained. There is also no "white-listing" available on the system for applications

If you have more specific info on how this "Carbon Black" may operate and what it needs or does, perhaps we can provide a more specific answer.

Steve

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Paul Bartholomew on 2019-06-11

Hi Steve

Thanks for your reply

Yeah, I pretty much replied the same thing to the customer so I leave it with them for now. I suggested that if their security software allows them to white-list manually that they should allow DCE and DCO, if it is set through some sort of global database, then they need to apply to the developers to allow specific software (the same way anti-virus databases work). I let them know that they are java apps and that the relevant JRE will be required to run also.

I guess ultimately its up to them to configure the white list, and our software like any other software can be allowed or disallowed.

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.

Invite a Co-worker

Invitation Sent