In all organizations, users utilize several types of applications. Some are essential for business purposes, while others are used by users to improve their productivity and collaboration. Depending on the cybersecurity posture, not all these applications undergo verification by administrators, which can potentially expose the company to security incidents.
By design when a user runs any application, the process gains the same level of access to data as the user. This means that in a scenario where the application contains malicious or potentially unwanted components, the application can access sensitive information, which may be easily deleted or sent out of the organization.
Application control plays a crucial role in the prevention component of a multi-layered security strategy. It is used to manage and control the execution of software applications on computers and servers within an organization's environment. In this article, we will describe the Bitdefender Application Control component which is available only for on-premise GravityZone.
During the discovery phase, which must be run manually by the administrator, our system identifies applications and processes in the environment. The administrator can access a comprehensive list of these discovered applications in the network's application inventory, which includes details such as names, versions, publishers, locations, and more.
The application inventory not only automatically organizes all processes under their corresponding applications but also offers improved configuration choices with a higher degree of granularity. An illustration of this can be seen with the Microsoft Edge application displayed below.
Once the discovery phase is complete, the administrator can efficiently create and evaluate policies by disabling the system's “Test Mode”. In this testing mode, Application Control exclusively identifies and generates reports for the applications listed in the Control Center, allowing them to operate without hindrance.
In the absence of the Test Mode, Application Control will promptly initiate the processing of rules and enforce the permissions set by the administrator, determining whether execution should be allowed or blocked.
Administrators can configure and evaluate whitelisting rules and policies, with no interference with the application operation.
To set Application Control rules based on the unknown hash of the executable or the certificate thumbprint, an administrator has to download and run locally “fingerprint.exe” software which is available to download on the Bitdefender Support Page with detailed instructions. Fingerprint will generate the required attributes that can be employed during the configuration process.
To learn more about the technologies included in the Prevention layer we recommend reading the next article Content Control.
Bitdefender Application Control official website: Bitdefender Application Control