Reducing your attack surface

En Garde

Conclusions

Microsoft has once again developed a new technique for controlling access to applications, drivers, and services in the form of Windows Defender Application Control (WDAC). Unlike the proven AppLocker technology, WDAC supports application whitelisting with Windows Code Integrity. Do not underestimate the initial work involved in implementing WDAC; plan for a large chunk of your time, particularly because WDAC can only run in audit mode in the initial period, until the IT department has created efficient policies.

After a successful WDAC implementation, however, it is easy to make changes later (e.g., by adding further policies to the standard policies that manage the required access to, or blocking of, applications). Don't get confused by terminology such as code integrity policies, WDAC policies, and Device Guard: WDAC is just the new name for something old – but with a few new features.
