What is Application Control?
Application control is a critical cybersecurity measure designed to prevent unauthorised or malicious software from executing on an organisation’s systems. By allowing only approved applications to run, it significantly reduces the risk of malware infections and unauthorised software use. This strategy is a cornerstone of the Australian Cyber Security Centre’s (ACSC) Essential Eight mitigation strategies, underscoring its importance in safeguarding information systems.
Assessment Guidelines
ISM Control | Essential Eight Requirement | Assessment Guidelines |
---|---|---|
ISM-0843 | Application control is implemented on workstations. | Check whether an application control solution has been implemented on workstations. |
ISM-1870 | Application control is applied to user profiles and temporary folders used by operating systems, web browsers and email clients. | Check whether the application control solution implementation covers, at a minimum, user profiles and temporary folders used by the operating system, web browsers and email clients. Note that this check is only applicable to implementations reliant on path-based rules, as publisher-based rules and hash-based rules automatically apply across the entire file system. |
ISM-1657 | Application control restricts the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets to an organisation-approved set. | Because of the complexity of advanced file system permissions and the many groups a user account may belong to, the only truly effective way to check an application control implementation is to attempt to write to, and then execute from, every location on the file system that the user can reach. SecurE8 performs this test with every scan; AirLock Digital’s Application Whitelist Auditor and CyberArk’s Evasor are also useful tools for validating effectiveness. Whichever tool is chosen, make sure it has been thoroughly tested beforehand to confirm it is fit-for-purpose. If the system owner will only permit trusted Microsoft tools, the Sysinternals AccessChk utility can be used to report folder permissions, noting that this is only relevant to path-based implementations. For example, running `accesschk -dsuvw [path] > report.txt` (directories only, recursive, errors suppressed, verbose, write access only) produces a list of all writable paths and the accounts that can write to them. The `whoami /groups` command should also be run as a typical standard user to determine which groups such a user belongs to, so that the effective permissions for each path can be worked out. Alternatively, where AppLocker is the control, its PowerShell cmdlets can be used to test and review the effective policy. |
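The write-and-execute probe described for ISM-1657, as an added PowerShell example (it is not part of the original page and is not SecurE8’s, AirLock Digital’s or CyberArk’s tooling). It walks the ISM-1870 locations as the current user, tries to create a file in every directory it can reach, copies a test executable into each writable directory and attempts to run it. The parameter names, the default roots, the default test binary (`whoami.exe`) and the CSV report are choices made here, not taken from the page.

```powershell
<#
  Added example, not from the original page or any vendor product.
  Run from a NON-elevated PowerShell session as a typical standard user, with the
  security team's knowledge: the probe creates and launches files in user-writable
  locations, which an application control agent may log or quarantine.
  Assumptions (this script's own choices): roots, test binary, report path, depth limit.
#>
[CmdletBinding()]
param(
    # ISM-1870 locations by default: the user profile and the temp folders.
    [string[]]$Roots = @($env:USERPROFILE, $env:TEMP, "$env:SystemRoot\Temp", $env:ProgramData),
    # Default is a Microsoft-signed binary; see the note below about publisher rules.
    [string]$TestExe = "$env:SystemRoot\System32\whoami.exe",
    [string]$ReportCsv = "$env:USERPROFILE\appcontrol-probe.csv",
    [int]$MaxDepth = 6
)

function Get-Directories([string]$Root, [int]$Depth) {
    # Manual recursion so one unreadable folder does not abort the whole walk.
    if ($Depth -lt 0) { return }
    $Root
    try {
        $children = Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction Stop
    } catch { return }   # no list permission here: nothing further to probe
    foreach ($child in $children) {
        # Skip junctions and symlinks to avoid loops and double-counting.
        if ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        Get-Directories -Root $child.FullName -Depth ($Depth - 1)
    }
}

function Test-WriteAndExecute([string]$Dir, [string]$Exe) {
    # Recognisable name so stray probe files are easy to find and clean up.
    $probe = Join-Path $Dir ("ac-probe-{0}.exe" -f [guid]::NewGuid().ToString('N').Substring(0, 8))
    $result = [ordered]@{ Directory = $Dir; Writable = $false; Executed = $false; Detail = '' }
    try {
        # Step 1: can this user write here? Copying is the real test, not the ACL.
        Copy-Item -LiteralPath $Exe -Destination $probe -ErrorAction Stop
        $result.Writable = $true
    } catch {
        $result.Detail = 'write denied'
        return [pscustomobject]$result
    }
    try {
        # Step 2: does application control let it run? A blocked launch surfaces as
        # an exception (AppLocker reports "This program is blocked by group policy").
        $p = Start-Process -FilePath $probe -WindowStyle Hidden -Wait -PassThru -ErrorAction Stop
        $result.Executed = $true
        $result.Detail = "exit code $($p.ExitCode)"
    } catch {
        $result.Detail = $_.Exception.Message
    } finally {
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
    }
    [pscustomobject]$result
}

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
Write-Host "Probing as $($identity.Name) with $($identity.Groups.Count) group SIDs (compare with 'whoami /groups')."

$results = foreach ($root in $Roots | Where-Object { Test-Path -LiteralPath $_ }) {
    foreach ($dir in Get-Directories -Root $root -Depth $MaxDepth) {
        Test-WriteAndExecute -Dir $dir -Exe $TestExe
    }
}
$results | Export-Csv -LiteralPath $ReportCsv -NoTypeInformation

$gaps = $results | Where-Object Executed
"{0} directories probed, {1} writable, {2} allowed execution (full report: {3})" -f `
    $results.Count, ($results | Where-Object Writable).Count, $gaps.Count, $ReportCsv
$gaps | Select-Object Directory, Detail | Format-Table -AutoSize
```

Directories reported as writable but not executed are where the control did its job; anything executed under a user profile or temp folder is an ISM-1870/ISM-1657 finding. With the default test binary, which is Microsoft-signed, an execution means either that no rule blocks the path or that a publisher rule permits Microsoft-signed code; supplying an unsigned, organisation-approved test binary via `-TestExe` distinguishes the two. The same probe can be repeated for the other file types ISM-1657 lists (scripts, installers, DLLs and so on) by changing the test file and the launcher. Where AppLocker is the control, `Get-AppLockerPolicy -Effective` and `Test-AppLockerPolicy` can then be used to identify the rule responsible for each result.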
Benefits of Application Control
Implementing application control provides organisations with robust security and operational advantages. By allowing only pre-approved software to run, it significantly reduces the risk of malware infections and prevents unauthorised applications from compromising systems. This proactive approach to security decreases the attack surface, enhancing overall system resilience. Furthermore, application control facilitates compliance with regulatory standards, ensuring that organisations adhere to strict software usage policies and protect sensitive data effectively. In addition to bolstering security, application control improves operational stability, as only verified applications are permitted to run, reducing system crashes and performance issues. By managing software more effectively, organisations can optimise resources like system memory and network bandwidth. This measure also reduces the risk of data exfiltration, as unauthorised programs that could transfer sensitive information are blocked from execution.
Challenges and Considerations in Implementing Application Control
Despite its benefits, implementing application control involves several challenges that must be carefully navigated. Developing and maintaining effective policies can be complex, particularly in dynamic environments where application requirements frequently change. Organisations need to continuously update their rules to accommodate new legitimate software without inadvertently weakening the control, for example by adding a path-based allow rule that covers a user-writable directory, which lets anything dropped there run. Another significant challenge is user resistance, as restrictions on software use may be perceived as an obstacle to productivity, potentially leading to dissatisfaction. Striking a balance between security measures and user needs is critical to fostering cooperation. Additionally, regular updates and testing of application control rules require dedicated resources and can be labour-intensive. Errors in configuration may inadvertently block necessary applications, causing operational disruptions. Finally, sophisticated attackers may attempt to bypass these controls, for instance by abusing approved binaries or writable locations, requiring organisations to stay vigilant, informed, and adaptive to emerging threats.
Best Practices for Effective Application Control
To maximise the effectiveness of application control, organisations should implement several best practices. Keeping an up-to-date inventory of approved applications is essential for maintaining comprehensive and accurate policies. Regular reviews and updates to application control policies ensure alignment with organisational needs and adapt to the evolving threat landscape; re-running the write-and-execute test after each policy change confirms that no new gap has been introduced. Educating users about the purpose and importance of application control is equally important; this helps mitigate resistance and creates a culture of security awareness. Integrating application control with other security measures, such as patch management, network segmentation, and access controls, strengthens the organisation’s overall defensive posture. Implementing robust monitoring and logging mechanisms, including central collection of blocked-execution events, allows for the detection of unauthorised application execution attempts, enabling swift responses to potential security incidents. By following these practices, organisations can enhance the effectiveness of their application control initiatives while minimising disruptions.
Conclusion
In conclusion, application control is a vital component of an organisation’s cybersecurity framework. While it offers significant benefits in enhancing security and compliance, it also presents challenges that require careful planning and management. By adopting best practices and staying vigilant, organisations can effectively leverage application control to protect their information systems.