ManageEngine, the IT management division of Zoho Corporation, has announced the launch of Application Control Plus, advanced enterprise security software that brings together endpoint privilege management and application control capabilities. The move gives organisations greater authority over their critical applications by enabling control processes based on Zero Trust and threat prevention.
Many security problems arise due to the countless unsupervised applications running in enterprise networks. According to the National Vulnerability Database, the number of application-related security issues has increased 273% during the last decade, emphasising the importance of adopting a Zero Trust approach to application control. Despite enterprise implementations of a Zero Trust model by filtering and controlling applications, attacks leveraging applications’ privileged access persist. A combination of whitelisting, blacklisting and administering application-specific privileges is required to tackle the application-related threats.
Application Control Plus helps enterprises gain a holistic view of their network by aiding in the instant discovery and categorisation of authorised and unauthorised applications. With application-level privileged management and dynamic, rule-based whitelisting and blacklisting, Application Control Plus ensures only authorised access occurs, minimising an enterprise’s attack surface.
A comprehensive application control solution for Windows environments, Application Control Plus curbs both security breaches and nonproductive use of employee time by ensuring that only authorised applications are running.
Application Control Plus’ enterprise-oriented highlights include:
- Malware prevention: Limits the chance of malware intrusions and strengthens endpoint security by enabling IT teams to block malicious executables and allow only trustworthy applications.
- Rule-based list building: Simplifies list management by enabling IT teams to build application whitelists and blacklists based on rules like product, vendor, folder path, hash value and whether executables have valid certificates.
- Endpoint privilege management: Allows enterprises to establish the principle of least privilege on an organisational level by running business-critical applications with restricted privileges. It also prevents attacks based on privilege elevation or credential compromise by enabling need-based elevated access to applications.
- Flexible operation modes: Offer Audit Mode to enable admins to keep tabs on frequently used applications that have not been whitelisted or blacklisted yet. After quickly redefining their whitelists to include all critical applications, admins can switch to Strict Mode to allow only whitelisted apps to run.
- Controls to improve productivity: Allow blacklisting of applications that might hinder productivity, or are in general inessential to the seamless functioning of the organisation. This expedites the admin’s management efforts.
“Applications are ubiquitous and incredibly conducive to the productivity of any enterprise. However, they are also the biggest threat vectors in a network, so IT admins constantly have their hands full with application maintenance and access management,” said Mathivanan Venkatachalam, Vice President of ManageEngine. “By taking on a trust-based approach to filtering and controlling software, enterprises can eliminate a huge percentage of their security challenges.”
Keval Sukhadia, deputy Vice President, IT, at RBL Bank, was given early access to Application Control Plus. Commenting on his company’s experience with Application Control Plus, Sukhadia said, “Our bank was looking for an application control tool that would help us exercise control at the most granular executable level. The well-timed rollout of Application Control Plus’ beta ensured that all our requirements were met. With easy onboarding, this flexible solution fit right into our enterprise, ensuring heightened security.”
Going forward, ManageEngine plans to extend the capabilities of Application Control Plus to support macOS and other operating systems.