As a leader in the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program, McAfee is constantly innovating to meet and exceed the security needs of the federal government. Federal agencies count on McAfee to secure their networks and systems, from device to the cloud, and we’re always anticipating and preparing today for tomorrow’s needs.
That’s why McAfee is launching an updated version of Application Control. Application Control is a critical component of the CDM program that fulfills two core functions as defined in the Software Asset Management (SWAM) capability requirements: Application Whitelisting and the timely delivery of an agency’s complete software inventory.
Application Control is an endpoint technology that prevents attacks by blocking the execution of unauthorized applications. The whitelisting program will scan the system for executables, applications, libraries, drivers, and scripts to classify them as well-known, unknown, or known-bad applications. Using whitelisting prevents attacks from unknown malware by allowing only known-good whitelisted applications to run.
The latest iteration of McAfee’s Application Control includes enhanced features and functionality for the centrally managed Software Inventory Mode, Common Platform Enumeration (CPE) Reporting, and Local User support, while also maintaining the basic proactive security functions that provide a safe environment from unknown and future threats.
The primary function of the new Inventory Mode in Application Control is to provide visibility of an enterprise’s installed software in a monitoring-only capacity. Once enabled, the endpoint will continuously update the centrally managed software inventory for an endpoint, thereby ensuring accurate information is available for ingestion into the CDM dashboard. In Inventory mode, an initial solidification process is needed to create the inventory and then is sent to the McAfee ePO server. Following solidification, subsequent differential updates are sent to the ePO server, providing consistent and timely updates to the centrally managed inventory.
Another new feature of Application Control is the introduction of Common Platform Enumeration (CPE) reporting. CPE is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise’s computing assets. There are three dictionary types of CPE: official dictionary, custom dictionary, and managed custom dictionary, which all provide support for applications in custom environments. This feature will serve as a repeatable and accurate method for identifying software installed on an agency’s physical and virtual assets.
The final upgrade to Application Control is Local User Support. This capability will greatly reduce the administrative overhead for on-site administrators by granting the ability to make changes to local endpoints by streamlining operations on a protected system. For example, administrators can be added as a trusted user to allow him or her to install or update any software.
As a champion of the CDM program, McAfee understands the importance of continuously modernizing our solutions, staying ahead of the changing threat landscape and evolving needs of our agency partners. Incorporating the new version of Application Control with the rest of our product suite is an important step that agencies can take to holistically secure their enterprise network while simultaneously achieving the goals of the CDM program. We are excited about the new features in Application Control and the benefits participating CDM agencies can achieve with McAfee.