Application Control and Device Control Products
Parity Application Control and Device Control - How it Works
Bit9 Parity application control and device control has been designed from the ground up to be the easiest and most efficient way to control what software and devices can and cannot operate. By making it simple to define and enforce policies, Parity provides IT staff with an entirely new approach to application control and device control for easily and effectively achieving user-friendly Windows lockdown and business-friendly whitelisting.
Parity's application control and device control policies classify software into three categories:
- Approved software that has been officially authorized by IT (whitelisted)
- Banned software that is categorically prevented from running (blacklisted)
- New software that has not yet been seen, for which IT needs more information (graylisted)
Application control and device control policies are then defined with respect to these categories. For example, your call center organization may be locked down, meaning no new software is allowed to run unless specifically pre-approved. On the other hand, a field support group may have a monitor-only policy, which means they can install and run new software, but IT has the ability to ban anything unwanted.
Parity then uses three core capabilities to maintain and enforce these policies:
Monitor software activity on each PC
Parity application control and device control software on each desktop constantly monitors the PC to identify any new software. When a file is written to a system's disk, Parity calculates a cryptographic hash of its contents. This unique fingerprint assigns a definitive identity to the file, preventing software from using a different name or directory to circumvent policy.
Parity's ability to detect software that doesn't properly register with Windows, and its ability to handle large amounts of this information without affecting system performance, are two of the key technological advances pioneered by Bit9.
Analyze each software module
Each software module is then analyzed to determine if it should be trusted. Parity application control and device control consults various sources for this assessment, such as your software deployment systems, policy tools, and digital certificates, among others. So, for example, any software that is rolled out through a deployment or patch management system will be automatically approved to run on desktops with no intervention by IT.
In this fashion, the vast majority of new files on your desktops are automatically approved (whitelisted) or banned (blacklisted). Those that remain are truly unknown (graylisted) and deserving of further investigation by IT before a permanent policy is associated with them.
Block it or let it run
At this point, Bit9 application control and device control enforces policy to block banned software and let approved software run. Any software that has been classified as unknown can be blocked from running, depending on the policy of the host PC. This unknown software is also immediately fed back to the Parity server, where it shows up in the Parity Server console on Bit9's Automatic Graylist.
Administrators can then use Parity to learn where the software is and how it is spreading. Furthermore, Parity's integration with ParityCenter, Bit9's online software identification service, provides context about the software — facts such as who published it, what products it came with, if it poses any security risk, and more.
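The monitor, analyze and enforce steps described above can be sketched as follows. This is an added example, not Bit9's code: the SHA-256 choice, the rule that a ban wins over an approval, and the names fingerprint, PolicyEngine and demo are assumptions, and the sample files are constructed.

```python
import hashlib, os, tempfile

def fingerprint(path):
    """Hash the file's contents; its name and directory play no part."""
    h = hashlib.sha256()  # assumption: the page does not name the algorithm
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class PolicyEngine:
    def __init__(self, approved, banned, lockdown):
        self.approved, self.banned = set(approved), set(banned)
        self.lockdown = lockdown  # True: lockdown host, False: monitor-only host
        self.graylist = {}        # digest -> paths, queued for IT review

    def classify(self, digest):
        if digest in self.banned:   # assumption: a ban wins over an approval
            return "banned"
        return "approved" if digest in self.approved else "unknown"

    def may_execute(self, path):
        digest = fingerprint(path)
        verdict = self.classify(digest)
        if verdict == "unknown":
            self.graylist.setdefault(digest, []).append(path)
            return not self.lockdown  # unknown runs only on monitor-only hosts
        return verdict == "approved"

def demo():
    """Run constructed sample files through a lockdown and a monitor-only host."""
    samples = {"tool.exe": b"approved build", "bad.exe": b"banned build",
               "notepad.exe": b"banned build",  # banned content, renamed
               "new.exe": b"never seen before"}
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        ok, bad = fingerprint(paths["tool.exe"]), fingerprint(paths["bad.exe"])
        locked = PolicyEngine([ok], [bad], lockdown=True)
        field = PolicyEngine([ok], [bad], lockdown=False)
        return {"approved": locked.may_execute(paths["tool.exe"]),
                "renamed_banned": field.may_execute(paths["notepad.exe"]),
                "new_lockdown": locked.may_execute(paths["new.exe"]),
                "new_monitor": field.may_execute(paths["new.exe"]),
                "graylisted": len(field.graylist)}
```

The renamed copy of the banned file is still refused on the monitor-only host because its content hash is unchanged, while the never-seen file is blocked under lockdown, allowed under monitor-only, and recorded on the graylist.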


