Is Your Windows Application Control, Controlling Enough?
March 23rd, 2017
Microsoft Windows application control solutions are designed to block the execution of unauthorized applications via whitelisting, blacklisting, and more recently “greylisting.” These approaches can be used to protect your organization’s servers, workstations, laptops, tablets, and fixed-function devices. Application control solutions can also hinder advanced persistent threats via policy enforcement and dynamic trust modeling. In addition, they typically do not require signature updates or labor-intensive list management for greylisting applications.
Want to learn more about controlling Windows applications in your organization? Get this technical brief, Application Control: The PowerBroker for Windows Difference
get it now
Application control solutions provide organizations with several security and cost benefits, including:
- Protection from unwanted applications: Prevent undesirable code from running via executable files, Java apps, ActiveX controls, scripts, and specialty applications.
- Reduced help desk costs: Reduce the costs associated with identifying and removing inappropriate software by maintaining control over application installations and system configurations.
- Patching flexibility: Delay patch deployment until your regular patch cycle by ensuring that only trusted applications execute.
- Centralized management: All systems under management can report application usage, software metering, and rogue and malicious software to the solution.
However, there are limits to what typical application control is capable of and often infer higher than expected costs and time to implement.
There is A Better Way to Reduce Windows Application Security Risks
BeyondTrust’s PowerBroker for Windows offers a complete solution for least privilege. It enforces restrictions on software usage, installation, and operating system configuration changes. However, it goes beyond a default-deny mode of enforcement.
PowerBroker for Windows defaults all users to standard user privileges and leverages rules and policies to elevate applications to administrator, (or another security principal as required) privileges, enabling them to function correctly. By using a native operating system security model (from Microsoft Windows 7 and higher), PowerBroker for Windows essentially “default-denies” inappropriate user actions while elevating application and task permissions. PowerBroker for Windows therefore enables you to implement least privilege best practices, including application control, without obstructing productivity.
Rather than managing a complex whitelist with thousands of application signatures, PowerBroker for Windows customers usually only need to work with a few dozen rules. These rules, hosted in either Active Directory Group Policy or BeyondTrust’s IT Risk Management Platform, can be based on Publisher, Path, URL, Active X Control, MSI, and a wide variety of other criteria. PowerBroker for Windows even ships with a Rule Library for the most common programs to expedite implementations.