Eric Ogren

Application control coming your way

November 03, 2006 10:05 AM EST

Application control, and its sidekick device control, are making inroads in the corporate world for protecting managed desktops and servers. The name is pretty descriptive: application control steps in whenever a user launches an executable to issue an "approved" or "not approved" verdict. The technology works alongside traditional anti-virus, personal firewall, and intrusion prevention products to give IT control over endpoint activity.

The primary motivation for deploying application control is that applications installed from unofficial sources are more likely to contain malicious code that can disrupt business operations or steal confidential information. Other application control benefits include restricting use of non-business applications (such as media players) to improve network performance or comply with HR guidelines, and managing endpoint configurations to enhance security and reduce help desk calls.

Typically, application control relies on some variant of IT-established white-list, black-list, and grey-list approaches, with the lists checked when a user launches an application:

A white-list is a list of all the applications that users are explicitly allowed to execute. IT controls this list of permissible applications that have been vetted for security and business justification.

A black-list is a list of all the applications that users are forbidden to run. IT places executables on the black-list when they are associated with malware or unauthorized uses of corporate resources.

A grey-list is everything in between the white-list and the black-list. If application control cannot identify the application, then the user may place the app on a grey-list with extra auditing vigilance enabled so IT can make a subsequent thumbs-up/thumbs-down decision.

Implementing application control in an administrator-friendly way is more challenging than my simple description may lead you to believe, as the lists can become quite large for all the various user profiles. Good approaches are mindful of users needing to self-provision applications before IT can centrally approve them, normal IT operations requirements for software upgrades and patches, executable libraries that multiple applications use (and thus probably shouldn't be banned), and comprehensive reporting to appease the compliance auditors.
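The launch-time check and the later IT review described above, as an added sketch that is not taken from any vendor's product. It assumes executables are identified by the SHA-256 of their contents and that a black-list entry overrides a white-list entry; the class and function names are hypothetical. It also shows why a routine patch sends an approved application to the grey-list until IT reviews it.

```python
import hashlib
from dataclasses import dataclass, field

def digest(image: bytes) -> str:
    # Assumption: an executable is identified by content hash, not file name.
    return hashlib.sha256(image).hexdigest()

@dataclass
class AppControl:
    white: set = field(default_factory=set)   # vetted by IT
    black: set = field(default_factory=set)   # malware or unauthorized use
    grey: dict = field(default_factory=dict)  # digest -> audited launches awaiting review

    def on_launch(self, user: str, path: str, image: bytes) -> str:
        d = digest(image)
        if d in self.black:   # assumption: black-list overrides white-list
            return "deny"
        if d in self.white:
            return "allow"
        # Unknown executable: let it run, but record every launch for IT.
        self.grey.setdefault(d, []).append((user, path))
        return "allow-audited"

    def review(self, d: str, approve: bool) -> int:
        # IT's later thumbs-up/thumbs-down; returns the audited launches it settles.
        launches = self.grey.pop(d, [])
        (self.white if approve else self.black).add(d)
        return len(launches)

def demo():
    # Constructed sample images; a real agent would hash the file on disk.
    editor_v1 = b"MZ editor build 1.0"
    editor_v2 = b"MZ editor build 1.1 (patched)"
    player = b"MZ media player"
    ac = AppControl(white={digest(editor_v1)})
    verdicts = [
        ac.on_launch("alice", r"C:\Apps\editor.exe", editor_v1),
        ac.on_launch("alice", r"C:\Apps\editor.exe", editor_v2),  # patch changes the hash
        ac.on_launch("bob", r"C:\Users\bob\player.exe", player),
        ac.on_launch("carol", r"C:\Temp\player.exe", player),
    ]
    settled = ac.review(digest(player), approve=False)  # IT bans the player
    verdicts.append(ac.on_launch("bob", r"C:\Users\bob\player.exe", player))
    return verdicts, settled, len(ac.grey)

if __name__ == "__main__":
    print(demo())
```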

Application control is an interesting approach for organizations looking for automated tools to help exercise tighter management of endpoints. Companies that specialize in application control include Altiris, AppSense, Bit9, SecureWave, and soon Sophos. They are well worth checking out as good complements to identity-based access control and anti-malware products.