Reducing Attack Surface with Application Control
By Mike Rothman
Attacks keep happening. Breaches keep happening. Senior management keeps wondering what the security team is doing.
The lack of demonstrable progress [in stopping malware] comes down to two intertwined causes. First, devices are built using software that has defects attackers can exploit. Nothing is perfect, especially not software, so every line of code presents an attack surface. Second, employees can be fooled into taking action (such as installing software or clicking a link) that enables attacks to succeed.
Application control technology can have a significant impact on the security posture of protected devices, but it has long been much maligned. There has never been any doubt about its value in stopping attacks, especially those using sophisticated malware. Being able to block the execution of unauthorized executables takes many common attacks out of play. But there is a user experience cost for that protection.
In Reducing Attack Surface with Application Control, we look at the double-edged sword of application control, detail a number of use cases where it fits well, and define selection criteria to consider for the technology.
Keep in mind that no one control or tactic fits every scenario. Not for every company, nor for every device within a company. If you are looking for a panacea you are in the wrong business. If you are looking for a technology that can lock down devices in appropriate circumstances, check out this paper.
Conclusion: Application control can be useful – particularly for stopping advanced attackers and securing unsupported operating systems. There are trade-offs as with any security control, but with proper planning and selection of which use cases to address, application control resists device compromise and protects enterprise data.
We would like to thank AppSense for licensing the paper and supporting our research. We make this point frequently, but without security companies understanding and getting behind our Totally Transparent Research model you wouldn’t be able to enjoy our research.