Any workplace should be able to provide all the software staff need to do their jobs effectively. However, if employees are allowed to install and run any application without restriction, this could cause serious problems. A new program may crash a stable system or turn out to be spyware or malware. Moreover, users might abuse the privilege to install games that will obviously distract them from their work. The Application Control implemented in Kaspersky Endpoint Security 8 can help ensure employees are able to work without hindrance, while preserving IT infrastructure security.
Application control is intended to check the authenticity of an application. It first checks the app against local lists compiled by the company’s IT specialists. If the software in question isn’t on those lists, a request is sent to the Kaspersky Security Network (KSN) cloud service. KSN’s database contains more than 500 million programs, with 1 million more added every day. With so much data, it’s possible to identify the vast majority of legitimate software.
Based on local data and data gained from the cloud, Kaspersky Endpoint Security assesses an application’s reputation and places it in a certain category: browsers, multimedia, educational programs, etc. A separate “golden category” is assigned for system applications and drivers. If the check results are successful, an application is put on a local allowlist; if the data received is not conclusive, it goes on a grey one. In the latter case Kaspersky Endpoint Security makes a heuristic analysis of the application to spot any possible threats.
After the check is completed, Application Control allows the software to access data, system and network resources in compliance with the company’s security policies. IT specialists may use their own settings or apply one of two ready-made scenarios. The first one – Default Allow – allows any application to run unless it is expressly prohibited. It is a good option for employees, though an IT team has to take into consideration the possible risks of a dangerous application launch. Therefore, the second option, Default Deny, is better from a security point of view. Default Deny allows only authorized programs to run, which rules out any third-party applications that might distract specific employees or the entire workforce during business hours. The Default Deny option requires high-quality allowlists – there should be no dangerous applications included, as just one application could mean a breach of system security.
Thanks to the flexible settings of the Application Control module, IT specialists can create groups of users with different sets of authorized applications. It’s also possible to specify time periods for certain programs or categories, allowing employees to play computer games in their lunch break, for example.
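The check order and the two scenarios described above can be modelled in a few lines. This is an added illustration, not Kaspersky's code: the hashes, categories, group policies and the dictionary standing in for the cloud lookup are all constructed, and time windows are applied only under Default Deny to keep the model small.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed sample data; hashes, categories and policies are illustrative.
LOCAL_ALLOW = {"aa11": "browsers"}          # curated by the IT team
LOCAL_DENY = {"bb22"}                       # expressly prohibited
CLOUD_REPUTATION = {                        # stand-in for a cloud reputation lookup
    "cc33": ("trusted", "multimedia"),
    "dd44": ("trusted", "games"),
    "ee55": ("unknown", None),
}

@dataclass
class GroupPolicy:
    mode: str                                   # "default_allow" or "default_deny"
    allowed_categories: set = field(default_factory=set)
    timed: dict = field(default_factory=dict)   # category -> (start, end)

def classify(file_hash):
    """Local lists first, then the cloud; inconclusive results go to the grey list."""
    if file_hash in LOCAL_DENY:
        return "denied", None
    if file_hash in LOCAL_ALLOW:
        return "allowlisted", LOCAL_ALLOW[file_hash]
    verdict, category = CLOUD_REPUTATION.get(file_hash, ("unknown", None))
    if verdict == "trusted":
        return "allowlisted", category
    return "grey", None

def may_run(file_hash, policy, now):
    """Decide whether a launch is permitted for a user group at a given time."""
    status, category = classify(file_hash)
    if status == "denied":
        return False
    if policy.mode == "default_allow":
        return True                      # anything not expressly prohibited runs
    # Default Deny: only allowlisted software in an authorized category runs.
    if status != "allowlisted":
        return False
    if category in policy.allowed_categories:
        return True
    window = policy.timed.get(category)
    return window is not None and window[0] <= now < window[1]

OFFICE = GroupPolicy("default_deny", {"browsers", "multimedia"},
                     {"games": (time(12, 0), time(13, 0))})
OPEN = GroupPolicy("default_allow")
```

The grey-listed hash `ee55` runs under `OPEN` but not under `OFFICE`, which is the trade-off between the two scenarios: Default Deny is only as good as the lists feeding `classify`.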
Additional computer security is provided by a vulnerability scanner, which checks the operating system and any installed programs for potentially dangerous holes in their code. If a vulnerability is found, it can be covered until a proper patch is released, meaning attackers won’t be able to use it to infect the system.
While we’re on the subject of allowlists, it’s worth mentioning that the high effectiveness of this technology has been corroborated by tests conducted by the independent specialists at West Coast Labs. During testing, Kaspersky Endpoint Security 8 succeeded in identifying more than 93% of legitimate programs on average, with a result of almost 98% for software created in North and South America.
The combination of Application Control and allowlists gives IT specialists considerable flexibility when it comes to the programs employees can run. This is an important element of IT infrastructure and corporate data security, which also helps maintain employee efficiency.
More on Application Control and allowlists: Read the extensive technology overview at Securelist.