Application control solutions reduce IT risk by regulating which programs can be launched on desktops, servers and other assets. For instance, application control can help to prevent malware infections and minimize subsequent damage if a malware infection occurs.
IT and security leaders have several technology alternatives to consider when seeking to implement application control in their environments. The vast majority of application control solutions rely on some combination of whitelisting, blacklisting, greylisting, and reputation services. However, these signature-based solutions can be overly complex and difficult to maintain. What’s more, their “default deny” approach can cause significant user and help desk headaches when deployed in real-world environments.
There is a better way.
BeyondTrust PowerBroker for Windows represents the next logical step in application control. Like traditional application control, PowerBroker for Windows enforces restrictions on software usage, installation, and operating system configuration changes. However, it does not require a default-deny mode enforced by a third-party agent to keep systems secure.
Instead, PowerBroker for Windows defaults all users to standard user privileges and leverages rules and policies to elevate applications to administrator privileges, enabling them to function correctly. PowerBroker for Windows essentially “default-denies” inappropriate user actions while elevating application and task permissions. The solution therefore enables you to implement least-privilege best practices without obstructing productivity.
Rather than managing a complex whitelist with thousands of application signatures, PowerBroker for Windows customers usually only need to work with a few dozen rules. It also includes patented technology for Vulnerability-Based Application Management. Drawing on the BeyondTrust Retina Vulnerability Database, greylist rules can be created based on an application’s published vulnerabilities and filtered by:
- Regulatory violations per PCI, HIPAA, HITRUST, NIST, ISO, SOX, GLBA, ITIL, etc.
- Vulnerability Severity from PCI and CVSS
- Age of the vulnerability since it was publicly released
These rules can be used to blacklist an application or even modify its privileges. Therefore, applications are controlled based on known vulnerabilities and advanced persistent threats per industry standards and regulations.
Interested in learning more? Check out our new whitepaper, “Application Control: The PowerBroker for Windows Difference.”
It explains legacy approaches to the problem; adaptations to the model commonly used by other vendors; and why the least-privilege model is a must-have technology for any Application Control solution.