Companies can set policies allowing, say, only software from certain trusted organizations to be installed by end users, and other software can only be installed with permission from IT. Or they can allow certain types or groups of users to manually approve unauthorized software, but send a report to IT.
There are various possible levels of prevention, said Kevin Flanagan, director of corporate communications at Carbon Black.
"And IT doesn’t need to be responding all the time to requests for software approval," he added.
As a result, he said, Carbon Black doesn't just stop known malware, but also brand-new malware, variations on old malware designed to slip past traditional antivirus, zero-day exploits, and targeted advanced attacks.
According to the EMA report, Carbon Black is currently the leading next-generation endpoint security vendor by revenue, with 24 percent of the total market.
In addition, Carbon Black is the leading vendor by licenses sold, with 16 percent of the market.
By comparison, 2-year-old SentinelOne, the other vendor to seek certification, has a much smaller share of the market -- 1 percent by revenue, and 1 percent by licenses sold.
It also takes a different approach to malware prevention than Carbon Black, looking at the behavior of applications.
"We operate within the kernel space, looking at all the kernel-level processes," said Scott Gainey, CMO at SentinelOne. "We try to identify malicious patterns."
The company was tested by AV-test last June, and it caught 100 percent of malware in the AV-test reference set of malware discovered in the previous month, compared to the industry average of 99.1 percent.
But AV-test doesn't do enough to evaluate vendors on unknown threats, Gainey said.
"That's critically important," he added.
In February, Gartner named SentinelOne a "visionary" in the company's magic quadrant for endpoint protection platforms, saying, "the solution performs well in antivirus tests without relying on traditional signatures, indicators of compromise, or whitelisting."
However, as a new company, it's missing some of the extended features offered by more established players in the space, such as URL filtering, port protection, and enterprise mobility management.
Gartner also warned that attackers are always looking for new ways to avoid detection.
"As SentinelOne becomes more popular, its approach will come under more scrutiny from attackers," wrote Gartner analyst Peter Firstbrook in the report.