Endpoint Application Control

Cb Protection delivers application control and critical infrastructure protection to lock down servers, critical systems and fixed-function devices in highly regulated environments.

Security experts including the FBI, the Department of Homeland Security, Gartner and NIST all agree – application control is the best security strategy for critical systems. Cb Protection is a proven, widely deployed and easy-to-manage application control solution available today. It enables organizations to establish automated software controls and protection policies that completely lockdown corporate assets, intellectual property and regulated data.

Cb Protection is a powerful security solution for data centers and critical systems, allowing server admins to consolidate agents. Using a ‘Default Deny’ approach, Cb Protection reduces your attack surface and reduces downtime by automating approval of trusted software and eliminating the burden of whitelist management.


Stop attacks by allowing only approved software to run

Automate software approvals and updates via IT and cloud-driven policies

Low touch solution: One admin resource could manage up to 10,000 systems

Prevent unwanted change to system configuration at the kernel and user mode levels

Power device control and file integrity monitoring and control (FIM/FIC) capabilities

Stops malware and next-gen attacks

Meet IT risk and audit controls across major regulatory mandates

Replace inadequate security controls and consolidate endpoint agents

Streamline regulatory and IT audit processes Increase efficiency of IT resources

Minimize unplanned downtime of critical systems

Protect vulnerable legacy systems

Use Cases

  • Lockdown corporate desktops, laptops
  • Point-of-sale terminals
  • ATM machines
  • Industrial Control Systems (SCADA)
  • Medical devices
  • Domain controllers
  • Financial trading platforms
  • Email and web application servers
  • VDI environments
  • Card data environments (CDE)
  • Unsupported systems
  • Fixed-function devices

Cb Protection combines application control, file integrity monitoring, device control and memory protection for the strongest system lockdown. This approach stops malware and non-malware attacks by preventing unwanted change. This is effective at stopping file-based attacks and next-gen attacks that use obfuscated malware, as well as memory-based, and script-based techniques, like PowerShell. Cb Protection ensures comprehensive critical system protection for new and legacy systems – which are the most vulnerable – even in diverse locations.


Cb Protection helps you achieve compliance against standards required by all major regulatory bodies. At the core of compliance is the ability to continuously monitor your assets, track and enforce your change-control policies, measure any drift from your desired baseline and the ability to seamlessly audit and report your implemented policies. With Cb Protection, your organization can enforce the integrity of your deployment configurations, continuously monitor critical-system activity, assess compliance risk and even achieve compliance for end-of-life systems. This helps maintain continuous compliance with numerous regulatory standards and frameworks, such as PCI-DSS, HIPAA/HITECH, SOX, NERC CIP, NIST 800-53, and more


The key to effectively locking down systems is the ability to do it easily and at scale. Your security solution should be both high-performance and low touch. You need to be confident that your solution is blocking the “bad” and allowing the “good” to run while not
interrupting your day-to-day business operations. Cb Protection is designed specifically with these objectives in mind - protection and ease of use. Cb Protection utilizes IT and cloud-driven trust for automatic approvals. Software deployed by IT is automatically approved. Additionally, you have the ability to automatically approve software based on cloud-driven trust. Out-of-the box templates to ease the implementation of heavily-targeted systems such a domain controllers, exchange servers and common application servers.