Over-reliance on basic allowlists and blocklists can leave an organization vulnerable. Gaining visibility and creating comprehensive policies that encompass all discovered applications, not just frequently used ones, is crucial for creating effective network security policies and achieving a zero-tolerance approach to unmanaged applications.
There are two primary strategies for addressing unmanaged applications: allowing or blocking their use. While a Zero Trust approach often favors blocking for strict network control, it can disrupt IT operations and lead to increased administrative overhead with access requests whenever an inadvertently restrictive allowlist policy is implemented. Furthermore, all newly installed applications will be blocked by default, falling under the category of unmanaged software. Balancing security and productivity is key to effective unmanaged application management.
Endpoint Central's Application Control offers the flexibility modes Audit Mode and Strict Mode to preview the impact of blocking or allowing unmanaged applications. Audit Mode enables testing and monitoring of unmanaged applications. Both allowlisted and unmanaged applications can run simultaneously while events are collected. After analysis, admins can address unmanaged applications by adding them to appropriate allowlists or blocklists based on usage patterns and switch to Strict Mode for enhanced security, once the unmanaged applications are resolved and allowlists are defined. While a zero-unmanaged-application count is ideal, organizations can maintain Audit Mode with ongoing monitoring for a more flexible approach.
The unmanaged applications of each associated policies can be viewed under Unmanaged Apps in the specific groups under Deploy Policy. Following are the ways to resolve the unmanaged applications:
Note: In strict mode, the unmanaged applications can be requested. Learn more.
If you have any further questions, please refer to our Frequently Asked Questions section for more information.