Application control is a security technology that recognizes only safelisted or “good files” and blocks blocklisted or “bad files” passing through any endpoint in an enterprise network. It is useful for securing networks with BYOD (Bring Your Own Device) policies as it prevents potential damage from unwanted or unknown applications (executables, DLLs, Windows App store apps, device drivers, control panels, and other Portable Executable (PE) files).
Application control and other safelisting technologies are vital in dealing with threats against single-purpose systems like PLCs (ICS/SCADA) and PoS. In these kinds of systems, the functions that need to be enabled are very limited and specific. Because of this, it is relatively easy to specify files that are allowed to pass through safelisting filters.
Products with the application control feature can allow granular control for IT administrators. It can be used to limit application usage to a specific list of applications for specific users or endpoints. It not only blocks unwanted malicious downloads, it also protects against unauthorized malicious insiders who may try to download threats into the network.
Related Terms : Safelisting, Blocklist, PoS (point-of-sale) malware, SCADA
Related papers or primers :
.Bit Domain Used To Deliver Malware and other Threats
Related infographics :
Empowering Endpoint Security
Protecting Point of Sales Systems from PoS Malware
Trend Micro Endpoint Application Control
The GRID: Goodware Resource and Information Database