What is Application Control?
Apparently, Application Control is whatever the salesperson says it is! NOT!
2017 is going to be another big year of change for Cybersecurity professionals as hackers continue their successful campaigns to phish, breach, and collect ransom money. And vendors will continue to add new “Application Control” products to their portfolios, and market each of them as “the next generation solution to stop all malware”. If only half of those sales messages were true, we would have seen a significant decline in breaches by now.
Do I really need Application Control?
YES! Application Control is the #1 Recommended Malware Mitigation Strategy that effectively stops malware and blocks breach attempts. But many vendors are identifying their products as “Application Control” when they are not. And there are some forms of Application Control which are not as effective as others. The two major types of “App Control” are “Installation Control” and “Execution Control”. Installation Control only allows installation per a set of fixed rules based on known threats. Execution Control blocks software that’s not been pre-approved to run. But different versions of Execution Control vary in their effectiveness. Some do not block malicious DLLs or Scripts. It’s important that you use an Execution Control product that blocks all unknown, and unwanted software.
So why apply the term “Application Control” to so many different types of products?
Many vendors either don’t have an effective Execution Control product, or the type of product they do have is so painful and costly to use, few want it. For example, if the “application control” product targets specific malware (i.e. ransomware) based on known signature or behavior, that’s actually blacklisting; which is just antivirus and roughly only 45% effective against new malware variants. Then there’s “application control” that isolates new Apps in a virtual environment and quarantines based on bad behavior (this is just another form of blacklisting), which is sandboxing. Helpful, but still not enough to prevent hackers’ security breaches. And there’s “application control” by regulating the user privileges, which is really user admins and maybe a whole bunch of rules for individual Apps. Sounds great until you add up all the workhours to stay on top of it, and have to write new rules for every zero-day discovery. And then there’s “Installation Control” which seems like an effective “Application Control” until you realize that it doesn’t stop any unruly software from running.
“Execution Control”, the most effective form of “Application Control”, controls which software is allowed to run by using a list of allowed Apps (a trust-list or whitelist). Anything that’s not on the trust-list list is always blocked, including known or unknown malware, future variants of malware, unwanted Apps, etc. Execution Control is proven to be the SINGLE MOST EFFECTIVE MITIGATION STRATEGY TO STOP MALWARE! Unfortunately, traditional Application Whitelisting failed to catch on because it was too costly to deploy or manage. Now there’s a new Execution Control technology that overcomes the shortcomings of Application Whitelisting.
White Cloud Security has created true Application Control/Execution Control technology, built on the concept of Application Whitelisting, and is low cost, simple to use, and highly scalable! Because this blog is all about getting past the sales spin, I’ll end by saying this: Find out for yourself with a free trial.