Application Control – Are We There Yet?
Every now and again, a technology comes along that just makes sense and you wonder how you ever got by without it.
Calculators, Fortnite, and GPS
I recall, as a child, my first time using a calculator and realising that this device was going to change my life and eliminate the drudgery of the multiplication and division tables that I had been learning off by heart until then.
I spent countless hours trying to catch this device out with complex calculations, being amazed at the speed at which it could return accurate results that would have taken me forever to work out by hand. Hey, life in the west of Ireland in the ’70s could be a little dull! Back then, Fortnite was not a computer game but a two-week period during which the rain might not let up.
Similarly, I recall my first time encountering GPS. I grew up with maps and compasses. I was an excellent navigator. I was the guy you wanted in the passenger seat heading on a long journey into unknown terrain. Mountains and rivers could substitute for missing road signs to confirm whether we were still on track or not.
I am blessed to have a wonderful wife, but even she will admit that she has a couple of flaws: 1) she doesn’t like to drive, and 2) she feels sick if she tries to read in a car.
Let’s just say that in the early years of our marriage this resulted in more than a few heated arguments when we found ourselves 20 miles off track in a car on holidays somewhere in the French countryside with three hungry kids in the back of the car continually asking, “Are we there yet?” All because she refused to look at a map. I’m pretty sure that our sat nav has saved our marriage and anyone who has travelled in a car with me is probably familiar with the sound of “Happy Holly” cheerfully keeping me on track. My wife and Holly coexist in a long-term relationship with me, without any signs of jealousy or rancour between them.
The World of Endpoint Security, Application Control, and Malware Protection
I had a similar reaction when I first entered the world of endpoint security many years ago and encountered Application Control.
Back then, malware was still somewhat in its infancy. A new strain of malware was propagating rapidly due to sad guys like me who just had to open a picture of the lovely Russian tennis star Anna Kournikova that they had received via email. I was working in the telecom industry at the time, but I could see that, for better or worse, security was a market that was going to grow and grow, and I felt that I had to be part of it.
When I first heard about Application Control, it was a technology that simply made sense in the battle against the malware writers and was the trigger for me to enter the industry. I soon began to realise, however, that while the concept was simple the practical implementation was anything but.
The concept? Well, it is that you have a set of applications that you know and trust and these are allowed to run. Everything else is blocked. Fairly simple, right? It just makes sense.
However, that is all well and good in a static world with a relatively small number of applications. Back when Anna Kournikova was gracing the tennis court that was probably valid. There really weren’t that many applications available for you to use to do your job, so it seemed reasonable to put these in a list and lock computers down so that only applications on that list could run.
However, as malware writers continued to discover security flaws in the computer operating system and in common applications, the operating system and those applications had to be continually updated, and every update changed the files that the list had approved. As the Internet took off, there was an explosion in the sheer number of applications and utilities that became available to help users do their jobs more effectively. So, while creating a “whitelist” of allowed applications was relatively easy, maintaining that list was a huge challenge.
To address the challenge, vendors have changed from creating lists to creating rules that define what’s allowed and what’s not allowed to run. I’ve witnessed lots of innovation in this area to remove the complexity and make application control operationally simple. I talk to customers all the time, and while I meet some that have been burned in the past by the burden of a first-generation whitelisting solution, I see more and more customers adopting application control as part of a defense-in-depth strategy.
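To make the shift from lists to rules concrete, here is a small added model (example code, not from the original post or any vendor's product) that evaluates the same three files under a first-generation hash list and under a rule-based policy. The file contents, paths and the publisher name are constructed, and the publisher is assumed to come from an already-verified code-signing certificate.

```python
# Added example, not from the original post: a hash "whitelist" versus
# rule-based application control, showing why the hash list breaks on a
# routine update while a publisher or directory rule survives it.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Executable:
    path: str        # install location of the file
    publisher: str   # subject of a verified code-signing certificate, "" if unsigned
    content: bytes   # file bytes; every sample below is constructed


def file_hash(exe: Executable) -> str:
    return hashlib.sha256(exe.content).hexdigest()


class HashAllowlist:
    """First generation: an explicit list of known-good file hashes."""

    def __init__(self, known_good):
        self.hashes = {file_hash(e) for e in known_good}

    def allows(self, exe: Executable) -> bool:
        return file_hash(exe) in self.hashes


class RuleAllowlist:
    """Rule-based: default deny; allow by attributes that persist across versions."""

    def __init__(self, trusted_publishers, trusted_dirs):
        self.publishers = set(trusted_publishers)
        # Directory rules are only sound for locations standard users cannot write to.
        self.dirs = tuple(trusted_dirs)

    def allows(self, exe: Executable) -> bool:
        if exe.publisher and exe.publisher in self.publishers:
            return True
        return exe.path.startswith(self.dirs)


# Constructed samples: a signed application before and after an update, and an
# unsigned script that arrived as an email attachment (hypothetical names).
WORD_V1 = Executable("C:\\Program Files\\Office\\winword.exe", "Contoso Corp", b"build 1")
WORD_V2 = Executable("C:\\Program Files\\Office\\winword.exe", "Contoso Corp", b"build 2")
ATTACHMENT = Executable("C:\\Users\\alice\\Downloads\\photo.jpg.vbs", "", b"script")


def evaluate():
    """Return allow decisions for [WORD_V1, WORD_V2, ATTACHMENT] under each policy."""
    hash_policy = HashAllowlist([WORD_V1])          # list built before the update shipped
    rule_policy = RuleAllowlist(["Contoso Corp"], ["C:\\Program Files\\"])
    samples = [WORD_V1, WORD_V2, ATTACHMENT]
    return {"hash": [hash_policy.allows(s) for s in samples],   # [True, False, False]
            "rule": [rule_policy.allows(s) for s in samples]}   # [True, True, False]
```

The hash list blocks the updated build until someone re-approves it, which is the maintenance burden described above; the rule policy keeps allowing it while still blocking the unsigned attachment.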
Are we there yet? I’m not sure we are quite there, but I think we are getting close. Let me know what you think.