Key BOUNCER Features: Intuitive Administration
When it comes to application whitelisting, intuitive administration is critical to its ultimate success. Truly achieving application whitelisting's security advantages requires that your IT staff isn't overrun with administrative problems and user complaints. CoreTrace is committed to delivering a BOUNCER administrative experience that is intuitive, flexible, and efficient.
Manage Applications Not Files
A historical problem with application whitelisting is that many solutions simply provide you with a list of executables without the context of the application they belong to. This can be especially confusing for the many DLLs and other executables that are not named intuitively.
BOUNCER helps you manage the applications in your environment, not just the files. From the moment you install BOUNCER, it organizes and names the executables on your protected systems into logical application groups. Any subsequent application additions or upgrades through our industry-leading Trusted Change process also create new application groups, so you can manage your applications, not just files.
In addition to the creation and identification of applications, BOUNCER provides insight into the varying levels of application assurance.
- CSI: The CoreTrace Software Intelligence (CSI) application database contains information on millions of known and validated applications from all the world's major software vendors. We use this database to identify and validate the checksums, file names, digital certificates, and sizes of your executables. Applications found in this database have a high level of assurance and provide you insight down to the individual file level for every binary in a given application group.
- Self: We know that not every application will be captured in a global application database like our CSI. Businesses routinely create internal applications to meet their unique business needs. For these cases we allow BOUNCER administrators to organize and name their own applications, which can then be tracked and managed across the organization. This process is as simple as installing your application and giving it a name. From that point onward we will recognize these applications across all your endpoints.
- Unknown: There are instances where there is no assurance information for a given application group. In these cases BOUNCER tags the application group as "Unknown" so you can see the executables associated with the application and find out more about it if desired.
- Assurance escalation: For those applications that are "Unknown", you have the capability of escalating their assurance level to "Self" assured to indicate that you have independently validated the application.
Trusted Change Is the Key to Whitelisting Success
Application whitelisting's great strength is ensuring that unauthorized applications cannot be executed. Unfortunately, simply locking down all endpoints and preventing any application changes won't work in today's dynamic IT environment, where applications are regularly added and updated to meet your users' needs. For any application whitelisting solution, effectively and simply managing change is the cornerstone of success.
In order to effectively lower TCO, application whitelisting solutions must have some way of automating changes to protected systems. Any solution that cannot is a form of "lockdown" — where every single installation, upgrade, or update sits in a queue waiting for IT staff to evaluate, approve, or deny the change. You get complete control but at a huge cost in person-hours and user frustration.
Trusted Change is BOUNCER's patent-pending answer to lockdown. By allowing several trusted ways in which users can upgrade their systems or install new, approved applications, BOUNCER lowers endpoint TCO and IT frustrations while maintaining rock-solid security at all points in the chain.
You define the boundaries of trust in advance, and you base them upon what makes sense for your enterprise, i.e.,
- Do you use a network software share, or maybe one for each department?
- Do you have a patch management system that automates delivery to endpoints?
- Do you want administrators to be able to install any new applications without interference?
- Do you want to enable certain users to download applications while traveling and disconnected from your network?
However you choose to define trust in your enterprise, BOUNCER's Trusted Change can work with you. Users operate within your pre-defined parameters to install applications — either permanently or temporarily. Once a change is complete, BOUNCER automatically generates a delta whitelist and records the configuration change for reporting purposes. Users are happy, safe, and productive, and your IT team is not crushed under an ongoing barrage of help desk calls.
You can define trusted entities in multiple ways:
- Trusted Application: Any individually approved application (verified by the size and hash of its installer) can be installed.
- Trusted Network Share: Any secured organizational network share with preapproved applications can become a source of Trusted Change.
- Trusted Digital Signature: Any digitally signed applications can easily be installed or updated — even if they were released today and downloaded from the Internet.
- Trusted ActiveX Installation: Key ActiveX controls can be dynamically added to the whitelist.
- Trusted Updater: Any individually approved update system (such as a management application or patch management utility) can commit changes to the system.
- Trusted User: In certain environments, IT-specified Trusted Users can manually approve the installation of any applications, and then IT is notified of all changes.
Implement Flexible User Modes
By implementing Trusted Change capabilities like Trusted Updaters and Trusted Applications, you enable transparent and automatic additions for most upgrades and new applications. But when you deploy application whitelisting to protect your users' endpoints, you need flexibility to meet a variety of user environments. Your users aren't all the same, and BOUNCER lets you offer them four options for managing application change.
- Allow: Many of your users need the ability to approve, install, and execute their own applications. This Trusted User mode allows selected users (e.g., administrators) to install and execute applications they need to effectively do their job — without any interference. BOUNCER still protects against non-user initiated changes and keeps a record of any and all application changes for IT review, audit, or reversal.
- AllowQ™: Users can be given AllowQ privileges, with which they can also install, update, or execute new applications on their endpoint. Unlike Trusted Users with Allow privileges, users given AllowQ privileges have each application they approve appear on the BOUNCER AllowQ for administrative review and approval. The application appears on the administrator's AllowQ with details of the application, the user's reason for installing it, how many other users have requested it, and what its application assurance level is, i.e., whether it is in the CoreTrace Software Intelligence (CSI) database. IT administrators can easily approve the application for the individual user or the entire security group the individual is in, or they can ban the application. IT decisions are then automatically conveyed back to the requesting user to close the loop.
- BlockQ™: For many users, you don't want them adding or approving their own applications, but you would like to provide them with an easy mechanism to request authorization. The BOUNCER BlockQ privilege provides them with this ability. When a user attempts to install or execute a new application, they are notified that this is not an approved application, but BOUNCER allows them to request approval. Once requested, the application appears on the administrator's BlockQ with the same application intelligence described in the AllowQ option. The administrator can then approve the application for the security group or simply block it. Like the AllowQ, IT decisions are automatically conveyed back to the requesting user to close the loop.
- Block: This is the default mode of operation. In this mode, users are notified when they attempt to run an unauthorized application and the attempt is logged for IT review and audit in the future.
Next Steps
- Sales and Evaluations: If you are thinking application whitelisting is a possible solution to problems or pains within your organization, pick up the phone and call one of our representatives today at 512-592-4111, or click below to request a call back.
- Additional Resources: CoreTrace has many whitepapers, case studies, webinars, and demonstrations that can help you learn more about BOUNCER's real world benefits.