Secure and Control Users' PCs with Application Control
*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
As every battle-scarred desktop admin knows, there is no silver bullet for securing PCs. More than any other area of IT, PC security is a perpetual wave of push and pull between software vendors and potential attackers. In many ways, vendors, IT pros, and users have been lulled into a false sense of security in recent years. The mega worms of the early 2000s, which instantly – and very visibly – wreaked havoc with tens of millions of corporate and personal PCs, are much less visible in recent years. Recent attacks are much more focused and nuanced, but they largely prey on the same combination of software vulnerability and user behavior.
The recent wide-scale security breach at Target is a perfect example. This breach had far-reaching impact on millions of people (myself included) and was widely covered by the mainstream media. However, if you were to ask even a well-informed observer, they would likely chalk the incident up to Target allowing their specialized point-of-sale software to be hacked. While this was ultimately the end result, a leading theory, is that the original entry point for the breach was a familiar story: a malicious program delivered via e-mail and executed by a user at one of Target’s HVAC vendors.
This not a unique example. Other targeted attacks, including the high-profile breach at RSA Security, were also traced back to the actions of one user on a single endpoint. While we aren’t seeing and feeling worms hit our PCs with the same visibility and frequency as once did, high-impact endpoint security failures are alive, well, and causing more financial harm than ever.
Meanwhile, the stage is set for the problem to get worse with the official end-of-support for Windows XP next week. A still-large population of PCs will now go unpatched indefinitely even as new vulnerabilities are discovered.
So what can you do about it?
One of the best ways to stop an attack that is triggered by user interaction with software is to tightly manage what users can do at the endpoint. This is a difficult balance. If you move too aggressively to lock down devices, users quickly become dissatisfied and less productive. Conversely, if you give users free rein, you are opening up a large attack surface for malware to poke at.
Independent security analyst Mike Rothman of Securosis covers this topic in depth in his recent report, “Reducing Attack Surface with Application Control,” which is now available as a free download.
Mike and I also recently discussed application control at the endpoint from a number of different angles on a recent webinar, “Reducing Attack Surface with Application Control,” which is available for on-demand replay on our website as well.
Traditional endpoint security methods such as antivirus are not going away anytime soon, but the proactive nature of application control makes it an important addition to your endpoint security strategy. Like most security measures, it requires a careful balance between security and user experience. However, if done correctly, it can greatly reduce your endpoint security exposure.