The Application Layer provides powerful multi-level management of software, and software changes, on the endpoint.

Applications that are part of a standard build can be white listed. Any application not in the white list is prevented from executing. Certain applications that pose an unacceptable level of risk to the organisation can be explicitly black listed by executable name and class – such as media players, peer to peer and file sharing applications.

Beyond Black and White Lists

VigilancePro™ goes beyond basic application control. Application functionality can be dynamically shaped based on contexts such as user, group, time, location, or a combination of attributes. Specific menu options, keyboard shortcuts, and buttons within applications can only be made available to certain users, during working hours, when connected to the internal network. Printing of sensitive documents may be disabled when users are connected remotely over a VPN.

Cut, Copy, Paste, File Save, Save As, Search, Import, Export, Print – as well as the use of keys such as PrtSc can be disabled. The Application Layer complements File and Folder Layer protection so that even if a user is authorised to open a particular file the copying of content or ability to save a file to a different location is prevented.

Management of application concurrent use can be controlled so a user in the finance team is stopped from opening an IM, email or web mail application alongside a spreadsheet in Microsoft® Excel.

With users increasingly given local administrator rights on mobile PCs due to operational and support limitations, access to mmc.exe or the command prompt, or the ability to change proxy settings using the LAN Settings button within Internet Explorer can still be restricted – as well as the ability to install new software.

Flexible dynamic application control enables organisations to both secure and facilitate approved information flows whilst limiting the data leakage vectors available to users.