How to Implement a Carbon Black Policy Testing and Deployment Strategy

Summary: This article outlines a strategy that can be used for VMware Carbon Black policy testing and deployment.


Instructions

Affected Products:

  • VMware Carbon Black Cloud Endpoint Standard
  • VMware Carbon Black Cloud Endpoint Advanced
  • VMware Carbon Black Cloud Endpoint Enterprise
  • VMware Carbon Black Cloud Enterprise Host-Based Firewall

With the ever-changing cybersecurity landscape, administrators must ensure that a proper strategy is used for VMware Carbon Black Cloud when updating and deploying policy changes, to minimize risk and attack surfaces.

It is not recommended to make any large-scale changes to policy without sufficient testing to ensure minimal impact to a production environment. Best practices suggest a systematic approach to testing and deployment to ensure policy updates along with new features avoid creating any gaps in the current security posture.

Testing and Deployment Overview:

  1. Copy the existing policy to a new policy that has the date and test in the title.

     Example Name: 10-15-2023 Product Test Policy

  2. Within the test policy, make necessary updates, which may include enabling new features.

     Example - Ensure that all Core preventions are set to Alert and Block.

  3. Add any necessary exclusions to the Core Prevention rules.
    • Be specific when defining exclusion rules.
    • Avoid wildcards.
    • Add multiple criteria to the exclusion rule.
  4. Save the policy changes and move on to endpoint assignment.
  5. Identify a test endpoint group with a good cross-section of the environment (hardware and software) for testing and validation.
  6. Assign the Test Policy to the Test Endpoint Group to confirm changes and ensure that any impact on processing is acceptable.
  7. Allow the endpoints to run with the new policy for seven days, using the date in the policy name as the reference for when to move forward.
  8. Review the behavior of the endpoints and confirm whether any modifications are required to the policy.
    • If modifications are required:
      1. Copy the existing test policy and update the name to have the new date.
      2. Modify the policy if needed and save.
      3. Reassign the test machines to the new test policy and let them run for another seven days.
      4. Continue this process until no additional modifications are needed.
    • If no modifications are needed, move on to the next step.
  9. Add additional endpoints to the Test policy, allow them to run for another seven to ten days, and monitor to ensure that the behavior is as expected and that no negative impact to security or overall processing is observed.
  10. If testing of the larger segment of endpoints is successful, copy the latest test policy and change the name to indicate it is the current Production policy.
  11. Assign endpoints per the current deployment strategy until the environment has been moved to the latest Production policy.
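The naming, exclusion, and seven-day soak rules in the steps above can be checked mechanically before each review. The following is an added example, not Dell or VMware code: the function names and the dictionary layout for exclusions are hypothetical (not a Carbon Black export or API schema), and the date prefix is assumed to be MM-DD-YYYY as in the example policy name.

```python
import re
from datetime import date, datetime, timedelta

SOAK_DAYS = 7  # soak period the article gives for each test policy revision
# Assumes the article's example naming: "MM-DD-YYYY <product> Test Policy"
NAME_RE = re.compile(r"^(\d{2}-\d{2}-\d{4}) .*\bTest\b", re.IGNORECASE)


def soak_end(policy_name):
    """Date the soak period ends, taken from the date prefix in the name."""
    m = NAME_RE.match(policy_name)
    if not m:
        raise ValueError(f"not a dated test policy name: {policy_name!r}")
    return datetime.strptime(m.group(1), "%m-%d-%Y").date() + timedelta(days=SOAK_DAYS)


def lint_exclusion(rule):
    """Flag exclusions that use wildcards or rely on a single criterion."""
    findings = []
    criteria = rule.get("criteria", {})
    for field, value in criteria.items():
        if "*" in value or "?" in value:
            findings.append(f"{rule['name']}: wildcard in {field}")
    if len(criteria) < 2:
        findings.append(f"{rule['name']}: fewer than two criteria")
    return findings


def ready_to_review(policy_name, exclusions, today):
    """Return (ok, findings); ok only after the soak period with clean exclusions."""
    findings = [f for rule in exclusions for f in lint_exclusion(rule)]
    end = soak_end(policy_name)
    if today < end:
        findings.append(f"soak period runs until {end.isoformat()}")
    return (not findings, findings)


# Constructed sample data; field names are hypothetical, not a Carbon Black schema.
SAMPLE_EXCLUSIONS = [
    {"name": "backup-agent", "criteria": {
        "process_path": r"C:\Program Files\BackupCo\agent.exe",
        "signer": "BackupCo Inc."}},
    {"name": "dev-tools", "criteria": {"process_path": r"C:\Tools\*"}},
]

if __name__ == "__main__":
    ok, notes = ready_to_review("10-15-2023 Product Test Policy",
                                SAMPLE_EXCLUSIONS, date(2023, 10, 20))
    print("ready for review" if ok else "not ready:", *notes, sep="\n - ")
```

With the sample data, the `dev-tools` exclusion is flagged twice (wildcard path, single criterion) and the policy is reported as still inside its soak period.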

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000219068
Article Type: How To
Last Modified: 02 Oct 2024
Version:  2