Apr 21, 2022

Is Your Organisation Wrangling its Application Whitelisting Tool?

Is your organisation wrangling your Application Whitelisting tool? A recent survey concluded that over 84% of Australian organisations were unsatisfied with their existing tooling. This survey involved over 500 enterprise organisations across Australia, who said their incumbent solution was 'working' to a degree but reported several issues.


Critical issues reported include:

  • Lack of flexibility
  • Frequent time-intensive policy changes
  • Inability to meet particular maturity models (ACSC E8, NIST etc.)
  • Unable to scale to non-Windows operating systems (i.e., Linux)
  • Resource intensive administration

What is Application Control?

Application control is a security approach designed to protect against malicious code (also known as malware). When implemented robustly, it ensures only approved applications (e.g. executables, software libraries, scripts, installers, compiled HTML, HTML applications, control panel applets and drivers) can be executed. While application control is primarily designed to prevent the execution and spread of malicious code, it can also prevent the installation or use of unapproved applications.

How to Implement Application Control?

Implementing application control involves the following high-level steps:


  • Identifying approved applications
  • Developing application control rules to ensure only approved applications are allowed to execute
  • Maintaining the application control rules using a change management program
  • Validating application control rules on an annual or more frequent basis

When determining how to enforce application control, the following methods are considered suitable if implemented correctly:


  • Cryptographic hash rules
  • Publisher certificate rules (combining both publisher names and product names)
  • Path rules (ensuring file system permissions are configured to prevent unauthorised modification of folder and file permissions, folder contents and individual files).

Conversely, the use of file names, package names or any other easily changed application attribute is not considered suitable as a method of application control.

In addition to preventing the execution of unapproved applications, application control can contribute to the identification of attempts by an adversary to execute malicious code. This can be achieved by configuring application control to generate event logs for allowed and blocked executions. Such event logs should ideally include information such as the name of the file, the date/time stamp, and the username of the user attempting to execute the file.
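The sketch below is an added example, not code from Ivanti, the ACSC or the original article. It shows the three suitable rule types and the execution event log described above working together. All names (`evaluate`, `execution_event`, the sample publisher, files and users) are hypothetical, the `signer` pair is assumed to come from a signature that has already been verified, and "protected folder" is approximated with POSIX mode bits.

```python
import hashlib, os, stat, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def folder_is_protected(folder):
    # Path rules only count when others cannot modify the folder (POSIX mode bits).
    return not (os.stat(folder).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def evaluate(path, policy, signer=None):
    # signer: (publisher, product) from an already-verified signature (assumed).
    if sha256_of(path) in policy["hashes"]:
        return True, "hash"
    if signer is not None and signer in policy["publishers"]:
        return True, "publisher"
    folder = os.path.dirname(os.path.realpath(path))
    if folder in policy["paths"] and folder_is_protected(folder):
        return True, "path"
    return False, "default-deny"  # the file name is never consulted

def execution_event(path, user, policy, signer=None):
    allowed, rule = evaluate(path, policy, signer)
    return {"time": datetime.now(timezone.utc).isoformat(), "file": path,
            "user": user, "rule": rule,
            "decision": "allowed" if allowed else "blocked"}

def demo():
    # Constructed sample files, users and policy, for illustration only.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        renamed, other = str(root / "renamed.bin"), str(root / "tool.bin")
        Path(renamed).write_bytes(b"approved build 1.0")
        Path(other).write_bytes(b"unreviewed content")
        signer = ("Example Pty Ltd", "Example Payroll")
        policy = {"hashes": {hashlib.sha256(b"approved build 1.0").hexdigest()},
                  "publishers": {signer}, "paths": {str(root)}}
        os.chmod(root, 0o777)  # anyone can modify the folder: path rule ignored
        events = [execution_event(renamed, "alice", policy),
                  execution_event(other, "bob", policy),
                  execution_event(other, "bob", policy, signer)]
        os.chmod(root, 0o755)  # only the owner can modify: path rule honoured
        events.append(execution_event(other, "carol", policy))
        return events

if __name__ == "__main__":
    for event in demo():
        print(event)
```

The renamed copy of the approved binary is still allowed by its hash, while the same path rule flips from ignored to honoured purely on the folder's permissions.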

Finally, application control mustn't replace antivirus and other security software on systems. Using multiple security solutions together can contribute to a practical defence-in-depth approach to preventing the compromise of systems.

How Can Service Quality Help?

Ivanti's Application Control suite integrated by Service Quality is an easy to consume solution combining dynamic allowed lists and privilege management to prevent unauthorised code execution without manually managing extensive lists.

Many Government Departments, Financial Institutions, and Educational and Commercial organisations across Australia trust Ivanti's Application Control suite to achieve Security Compliance for Whitelisting, including standards such as the ACSC Essential 8, SANS/CIS top 20, and NIST.

What are the Benefits of Ivanti Application Control?

Ivanti's Application Control solution has several benefits, including the obvious one: the whitelisting of trusted applications. However, this involves a lot less administration than competing solutions, meaning organisations don't have to invest in additional headcount. Perhaps the most significant benefit of Ivanti Application Control is the granular privilege management. Organisations can limit application admin privileges for their employees without impacting productivity and, most importantly, the user experience.

This privilege management functionality revolves around specific user profiles. As a result, employees get access to precisely what they need without the overexposure of admin rights. This user experience is crucial, as the vast majority of organisations have already significantly impacted their users by using traditional privilege management/administration access methods to adapt to the security requirements of the 'everywhere workplace' that COVID presented.

The bonus is that organisations who invest in Ivanti's Application Control solution can implement three of the eight Essential 8 strategies within a single application (Application Control, User Application Standard, Restrict Administration Privileges). This is a big win for organisations, especially those in a race to get to a certain maturity for regulatory or compliance reasons.

About Service Quality:

Founded in 2007, Service Quality survives on a simple but powerful idea: empower you to do more with your Service Management and Security solutions. With cutting-edge support and award-winning security and service management practices, you can be sure that Service Quality will help maximise your Service Management investment. Today, hundreds of thousands of users rely daily on Service Management and Security solutions designed and implemented by Service Quality to make their work flow.

References:

  1. https://www.cyber.gov.au/acsc/view-all-content/publications/implementing-application-control

Written By: Angus Kenny - Director of Enterprise Solutions
