Application control stops malicious software from running in the first place. It is one of the ACSC Essential Eight controls and one of the most effective things a business can do to reduce cyber risk. When it is set up properly, unauthorised software simply cannot execute.
Application control keeps a list of software that is allowed to run in your environment. Anything not on that list is blocked before it executes. That includes malware delivered through phishing emails, ransomware payloads, and any other unauthorised software, regardless of where it came from or how it arrived.
This is different from antivirus or endpoint detection tools. Those tools look for software known to be bad. Application control only allows software known to be good. It is a much stronger model because it does not need to recognise a threat in order to stop it.
The ACSC rates application control as the most effective Essential Eight strategy for stopping malware and ransomware. It also limits user-driven risk. Staff cannot accidentally install something that introduces a vulnerability, even with administrator access.
Effective application control requires a well-maintained policy. The policy defines what is allowed to run, on which systems, and under what conditions. We build and maintain this policy on your behalf, keeping it up to date as your software environment changes.
We also apply ring-fencing controls that restrict what approved applications can access. An application that is permitted to run but attempts to access parts of the system it has no reason to touch will be blocked addressing the risk of supply chain attacks.
Hardening refers to the process of reducing the attack surface of each system by removing unnecessary features, applying secure configuration settings, and ensuring defaults that create risk are changed.
Out-of-the-box operating system and application configurations are optimised for usability, not security. Hardening adjusts those settings based on established frameworks including the ACSC's hardening guides for Windows and Microsoft 365.
Application control has a reputation for being disruptive. Done poorly, it can block legitimate software and frustrate staff. This happens when the initial policy is built too quickly or without adequate testing, or when the ongoing management is not maintained as new applications are introduced.
We build application control policies carefully, with thorough testing before deployment and a managed rollout process. We maintain the policy on your behalf, handling new software requests, updates, and exceptions through a controlled process. Staff experience is considered throughout. The result is robust protection that does not create operational friction.
We can assess your current environment and walk you through what a rollout would look like in practice.