Essential 8 - Application Control.

Application control is a security measure that prevents malicious code (malware) from running on systems. When properly implemented, it allows only approved applications—like executables, software libraries, scripts, installers, and drivers—to execute.

In addition to blocking malware, application control also stops the installation or use of unauthorized applications.

Essential 8 Maturity Level 2 Controls and our Solution.

Allowed and blocked application control events are centrally logged.

Event logs are protected from unauthorised modification and deletion.

Event logs from internet-facing servers are analysed in a timely manner to detect cyber security events.

Cyber security events are analysed in a timely manner to identify cyber security incidents.

Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.

Following the identification of a cyber security incident, the cyber security incident response plan is enacted.

Application control is implemented on workstations.

Application control is implemented on internet-facing servers.

Application control is applied to user profiles and temporary folders used by operating systems, web browsers, and email clients.

Application control is applied to all locations other than user profiles and temporary folders used by operating systems, web browsers, and email clients.

Application control restricts the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications, and control panel applets to an organisation-approved set.

Microsoft’s recommended application blocklist is implemented.

Application control rulesets are validated on an annual or more frequent basis.

Our Security Operations team is always watching.

Monitoring and data analysis.

We have a unique perspective across agencies, using our MDR and XDR expertise to detect, correlate, and block attacks.

Log ingestion optimisation.

Our SOC Architecture team work with you to streamline Splunk log ingestion and optimise SIEM billing.

Incident management.

Our SOC experts act proactively 24/7, containing and remediating threats before they impact your agency.

Advanced threat hunting.

Our cyber-security analysts use anomaly detection and machine learning to detect and respond to unknown and advanced threats.

Specialised Staff.

Our engineers are extensively trained to know both our systems and your agency, serving as your frontline of security 24/7.

Reporting

Weekly and monthly reports, covering key metrics, notable events, threat hunt results and other data or insights.

Get in touch with our Essential 8 experts now.

We are always here to answer your enquiries.

1800 004 943