Device control, application control and dynamic whitelisting

What kind of corporate network would be considered secure? Primarily one that is controlled by its operators, or in other words, a network in which the system administrator knows where, what, when and why something happens. In the case of an emergency, this administrator would have an arsenal of tools ready to avoid accidents or to minimize consequences, if necessary.

Malicious software is just one of the reasons networks need to be secure, and it’s not necessarily the most dangerous one either. Today, the majority of people already know about viruses and Trojans, and even know some ways to defend against them. However, business owners and system administrators could face many other attacks that cause headaches.

A recent survey by IT Governance states that 54% of companies consider their own employees the main threat to IT security. This implies a lot. Besides bringing up the question of mutual trust between employers and employees, personnel also need to be taught the basics of IT security because virtually everybody works on computers now.

Accordingly, all staff should ideally be aware of possible threats they may face. But as the numbers in the above-mentioned survey show, we are still very far from the ideal. The same survey also indicates that only 30% of respondents say an understanding of current IT security threats is a prerequisite for board-level job candidates.

The task of the system administrator is to provide total control of the situation within the corporate network.

There is therefore a need for an automated means to ensure control. In Kaspersky Endpoint Security for Business, we implemented a series of tools just for that – Application Control, Dynamic Whitelisting, Device Control and Web Control.

To perform their jobs, employees use a specific set of programs. It’s therefore extremely important for corporate networks to have the option to limit and block unwanted programs (unauthorized, illegitimate and improper software), especially when it comes to control centers, industrial facilities, financial institutions, military facilities and special purpose devices (e.g. ATMs and various terminals).

It should be noted that controlling the launch and operation of applications also allows you to block outside attacks on vulnerable applications. Hackers often use whole sets of malicious programs that target vulnerabilities in popular software such as Adobe Flash Player, Oracle Java, etc. These programs are practically ubiquitous.

Application Control allows the blocking of any unauthorized action by any application, including even the most legitimate ones.


Dynamic Whitelisting

There are two basic approaches to security. The first, and more traditional one, suggests that any application within an information system is allowed to launch by default unless it is already included in the “blacklists” of malicious software. The second approach assumes that only the applications previously included in the “whitelists”, or databases of trusted applications, are allowed. Everything else is blocked by default. Within a corporate network, only approved, listed programs are allowed to launch. The Default Deny approach blocks the launch of any software that is not on the “trusted” list.
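The two models can be compared side by side on the same set of files. The following is an added illustration, not Kaspersky Lab code: the samples are constructed byte strings standing in for executables, the lists hold SHA-256 hashes, and all names are hypothetical. It shows the cases where the models disagree: a catalogued malicious file changed by one byte, an unapproved program, and a new version of an approved program that Default Deny blocks until the whitelist is updated.

```python
import hashlib

def sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed byte strings standing in for executable files.
OFFICE_V1 = b"constructed sample: approved office application, version 1"
OFFICE_V2 = b"constructed sample: approved office application, version 2"
KNOWN_BAD = b"constructed sample: program already catalogued as malicious"
REPACKED_BAD = KNOWN_BAD + b"\x00"   # same program with one byte appended
GAME = b"constructed sample: game an employee brought from home"

SAMPLES = {
    "office_v1": OFFICE_V1,
    "office_v2": OFFICE_V2,
    "known_bad": KNOWN_BAD,
    "repacked_bad": REPACKED_BAD,
    "game": GAME,
}
BLACKLIST = {sha256(KNOWN_BAD)}
WHITELIST = {sha256(OFFICE_V1)}

def default_allow(image: bytes, blacklist: set) -> bool:
    """Traditional model: launch unless the file is on the blacklist."""
    return sha256(image) not in blacklist

def default_deny(image: bytes, whitelist: set) -> bool:
    """Default Deny: launch only if the file is on the whitelist."""
    return sha256(image) in whitelist

def compare(samples: dict, blacklist: set, whitelist: set) -> dict:
    """Map each sample name to (launches under default allow, under Default Deny)."""
    return {
        name: (default_allow(img, blacklist), default_deny(img, whitelist))
        for name, img in samples.items()
    }

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES, BLACKLIST, WHITELIST).items():
        print(f"{name:13} default_allow={verdicts[0]!s:5} default_deny={verdicts[1]}")
    # After the whitelist receives the new version's hash, the update launches.
    updated = WHITELIST | {sha256(OFFICE_V2)}
    print("office_v2 after whitelist update:", default_deny(OFFICE_V2, updated))
```
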

Kaspersky Lab’s solution simplifies the implementation of whitelisting and makes the lives of IT pros easier. Our clients’ systems receive whitelisting updates via the cloud of Kaspersky Security Network.

Kaspersky Lab is the only company with its own division for making up whitelists.

 

Device control

Users may operate various devices like flash drives and smartphones within corporate systems. To provide security for them, it’s necessary to control their usage because they are a potential vector for critical data leaks and malware infiltrations in the corporate network.

It is possible to control the access of devices depending on their connection, types or serial numbers. Moreover, you can set a schedule for such measures. For example, you may allow users to connect removable devices only during working hours.
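A rule set of this kind can be sketched as an ordered list evaluated first match first, with refusal as the fallback. This is an added example, not the product's configuration format or code: the `Device` and `Rule` classes, the serial numbers and the 09:00 to 18:00 Monday to Friday working hours are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class Device:
    bus: str      # how it connects, e.g. "usb" or "bluetooth"
    kind: str     # device type, e.g. "removable_storage"
    serial: str

@dataclass(frozen=True)
class Rule:
    allow: bool
    bus: Optional[str] = None       # None matches any value
    kind: Optional[str] = None
    serial: Optional[str] = None
    days: frozenset = frozenset(range(7))   # 0 = Monday
    start: time = time.min
    end: time = time.max

    def matches(self, dev: Device, when: datetime) -> bool:
        if self.bus not in (None, dev.bus):
            return False
        if self.kind not in (None, dev.kind):
            return False
        if self.serial not in (None, dev.serial):
            return False
        return when.weekday() in self.days and self.start <= when.time() <= self.end

def decide(rules, dev: Device, when: datetime) -> bool:
    """First matching rule wins; a device no rule covers is refused."""
    for rule in rules:
        if rule.matches(dev, when):
            return rule.allow
    return False

# Constructed policy and devices; the serial numbers are made up.
POLICY = [
    Rule(allow=True, serial="CONSTRUCTED-SN-0001"),       # IT-issued drive, any time
    Rule(allow=False, bus="bluetooth"),                   # never over Bluetooth
    Rule(allow=True, bus="usb", kind="removable_storage", # assumed working hours
         days=frozenset(range(5)), start=time(9), end=time(18)),
]
IT_DRIVE = Device("usb", "removable_storage", "CONSTRUCTED-SN-0001")
OWN_DRIVE = Device("usb", "removable_storage", "CONSTRUCTED-SN-9999")
PHONE = Device("bluetooth", "smartphone", "CONSTRUCTED-SN-5555")

if __name__ == "__main__":
    for when in (datetime(2024, 3, 4, 10), datetime(2024, 3, 4, 22), datetime(2024, 3, 9, 10)):
        print(when, [decide(POLICY, d, when) for d in (IT_DRIVE, OWN_DRIVE, PHONE)])
```
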

And the last but certainly not the least function is…

 

Web Control

Kaspersky Lab’s Web Control tool allows you to monitor employee activity on the Internet and filter web resources in accordance with the adopted corporate policy. You can allow, block, limit, or simply keep track of users’ access to specific websites or categories of websites, including social networks, online gaming and, more importantly, malicious web pages, where a single visit by any employee is enough to cause problems for the whole company.

Restrictive measures, of course, will hardly be popular amongst employees, but the question here is prioritization.

To be continued
