Enhance Your Security: Empower Your Defenses with Application Control and Allowlisting
Typically, a Windows computer is set up out of the box with the first user account as a local administrator. This means staff can download, install and run any software, scripts, executables and libraries on their device. This poses a security risk for Australian businesses. A small business rarely has a large team to manage and monitor this kind of security. This is where MSPs like FordhamIT come in. We can lock down your devices, manage application control for you and make it seamless for your team.
Even when staff use standard (non-admin) accounts, for example when accounts are managed through a central Active Directory server or Entra ID, a user, or a threat actor running as that user, can still install applications that don’t require admin approval (anything that installs into the user profile), run scripts that could export data, or install web browser plugins that may be malicious.
What is Allowlisting?
Long considered the gold standard for protecting businesses from known and unknown threats, allowlisting adopts a “Deny by Default” approach. Unlike antivirus software, which tries to recognise bad files, allowlisting controls which software, scripts, executables and libraries are permitted to run on your devices: only items on the allowlist run and everything else is blocked. This not only stops malicious code, whether or not anyone has seen it before, but also stops unwanted or unapproved software installs.
How does it work?
As mentioned earlier, allowlisting uses a list of approved items so that only approved software and scripts can run. This ensures your business’s devices only run the software you have approved, which makes it much harder for an attacker to gain a foothold in your network.
This approach greatly reduces the risk from threats and stops malicious applications before they can even be installed on your team’s devices.
With previous systems you would need to compile this list yourself and update it manually. That was time consuming and costly, so it was usually reserved for enterprises. With our solution there is a 3-week learning period. During this time the system records what software your staff actually run day to day and compiles the application list from it. The list is then reviewed and updated as needed; the review matters, because anything that ran during the learning period, wanted or not, will have been captured.
How does this help your team?
This solution gives your team confidence that they are secure while completing their work. In combination with antivirus, Endpoint Detection and Response (EDR) and email security, they can feel secure knowing that they have enterprise-level security.
The system we use also gives your staff an easy way to request access to software. If the software they need is not on the allowlist, they simply press the “request” button that appears when the install is blocked. We review the request and, if the business deems the software acceptable, add it to the list; the team member is then notified that they can now install it.
Testing Environment
When an application is not on the allowlist, the staff member requests access to it. This could be a piece of software, a browser add-in or a system setting. Once we receive the notification, we run the requested application in an isolated testing environment and check it for signs of malicious behaviour before approving it. This check is what stops the request process from becoming a way to wave malware onto the allowlist.
Allowlisting vs. Blocklisting
While allowlisting employs a “Deny by Default” approach, blocklisting blocks specific known-bad items and allows everything else. It is not possible to maintain a blocklist that contains everything bad or unwanted; new software and new threats appear every day, and a blocklist entry only exists once someone has already seen the threat.
Allowlisting gives you the power to block existing and unknown threats alike, because only items the organisation has allowed are permitted. This results in a much higher security posture for the business.
Elevation Control
While it is important to restrict admin access, some applications need it to run or update. Our solution lets you allow specific programs to run with admin privileges while keeping the rest of the system locked down. The elevation is scoped to the program, not granted to the user, so the account itself stays a standard user.
Say your line-of-business system runs regular updates. We can allow that program alone to run as admin to perform the update. Updates are then seamless for staff: they don’t need to do anything or contact IT to run the update.
Real world examples
Below are some real world examples of how threats can be executed even by users with no administrator privileges.
- Word Documents – scripts and macros can be embedded in Word documents, and when the staff member opens the document (and allows the macro to run) the script runs. It could do any number of things, including exporting data to the attacker or running malicious software. Our application allowlisting blocks this: Word is not allowed to launch terminals, command shells or script interpreters.
- Scripts to export data – scripts can run commands that are individually valid and do not look malicious. Chained together, however, they can export data to remote locations or install malicious software. Through application allowlisting we block scripts from reaching the internet to upload or download anything.
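The deny-by-default evaluation described under “How does it work?”, the contrast with a blocklist under “Allowlisting vs. Blocklisting”, and the Word-to-script restriction in the examples above, as one added Python model. This is an illustration written for this page, not FordhamIT’s product or any vendor’s agent: the publisher names, file paths and file contents are constructed stand-ins, the 3-week learning period is reduced to a flag switched off by hand, and the “ringfence” rule (an allowed program forbidden from starting another allowed program) is our own name for the Word restriction.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class LaunchEvent:
    """One attempt to run a file. 'content' stands in for the file bytes
    (constructed here; a real agent hashes the file on disk)."""
    path: str
    publisher: str          # signer's certificate subject, "" when unsigned
    content: bytes
    parent: str = ""        # image name of the process starting this one

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()

    @property
    def image(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


class Blocklist:
    """Default-allow: only files whose hash is already known bad are stopped."""

    def __init__(self, known_bad_hashes):
        self.known_bad = set(known_bad_hashes)

    def decide(self, ev: LaunchEvent) -> str:
        return "deny" if ev.sha256 in self.known_bad else "allow"


class Allowlist:
    """Default-deny: a file runs only if its publisher or exact hash was approved.
    Ringfence rules stop one allowed program from starting another (for example
    Word launching a script interpreter) even though both are on the list."""

    def __init__(self, ringfence=None):
        self.publishers = set()
        self.hashes = set()
        self.learning = True              # during the learning period nothing is blocked
        self.requests = []                # denied launches queued for review
        self.ringfence = ringfence or {}  # parent image -> set of forbidden child images

    def approve(self, ev: LaunchEvent) -> None:
        # Signed files are approved by publisher so vendor updates keep running;
        # unsigned files are pinned to their exact hash.
        if ev.publisher:
            self.publishers.add(ev.publisher)
        else:
            self.hashes.add(ev.sha256)

    def decide(self, ev: LaunchEvent) -> str:
        if ev.image in self.ringfence.get(ev.parent.lower(), set()):
            return "deny"                 # blocked regardless of who signed the child
        if self.learning:
            self.approve(ev)              # learning period: record, never block
            return "allow"
        if ev.publisher in self.publishers or ev.sha256 in self.hashes:
            return "allow"
        self.requests.append(ev.path)     # the user's "request" button lands here
        return "deny"


def run_scenario() -> dict:
    """Constructed scenario: a learning period, then both policies judge new launches.
    Returns {name: (allowlist decision, blocklist decision)} plus the request queue."""
    ms = "CN=Microsoft Corporation"  # constructed signer name
    word = LaunchEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", ms, b"word build 1", "explorer.exe")
    pwsh = LaunchEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", ms, b"powershell build 1", "explorer.exe")
    lob = LaunchEvent(r"C:\LOB\invoicing.exe", "", b"in-house tool build 7", "explorer.exe")

    allowlist = Allowlist(ringfence={"winword.exe": {"powershell.exe", "cmd.exe", "wscript.exe"}})
    for ev in (word, pwsh, lob):      # learning period: record what staff actually run
        allowlist.decide(ev)
    allowlist.learning = False        # switch to enforcement

    known_bad = LaunchEvent(r"C:\Users\alice\Downloads\invoice.exe", "", b"malware sample", "explorer.exe")
    blocklist = Blocklist([known_bad.sha256])   # the blocklist knows only this one sample

    later = {
        "signed_update": LaunchEvent(word.path, ms, b"word build 2", "explorer.exe"),
        "line_of_business_tool": lob,
        "known_malware": known_bad,
        # one byte changed: a new hash, so the blocklist no longer recognises it
        "repacked_malware": LaunchEvent(r"C:\Users\alice\Downloads\invoice(1).exe", "", b"malware sample!", "explorer.exe"),
        # an allowed interpreter, but started by Word (a macro) rather than by the user
        "word_spawns_powershell": LaunchEvent(pwsh.path, ms, b"powershell build 1", "winword.exe"),
    }
    results = {name: (allowlist.decide(ev), blocklist.decide(ev)) for name, ev in later.items()}
    results["pending_requests"] = list(allowlist.requests)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:24} {verdict}")
```

The two cases worth noticing are repacked_malware and word_spawns_powershell: the blocklist allows both, because it has never seen that exact hash and has no opinion about who started PowerShell, while the allowlist denies both without needing to know anything about the threat. The signed Word update still runs because it was approved by publisher rather than by hash, which is why signed software is the easier case for a learning period.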
Help with Essential Eight
Application control is also one of the Australian government’s Essential Eight mitigation strategies. Our solution can help you meet its requirements now or into the future.
Wrap Up
Allowlisting and application control can give your business a substantial uplift in security posture. In combination with antivirus, Endpoint Detection and Response (EDR) and email security, you can feel secure knowing that your business has enterprise-level security. We work with Australian businesses just like yours to implement these solutions, ensuring you have top notch cybersecurity.