Security administrators have a lot on their plates these days. Are my devices secure? Are devices running the appropriate apps? Are devices running apps they shouldn’t be? Could those apps or processes cause system-wide vulnerabilities? The list goes on. Systems Manager has recently implemented a feature to help answer these burning questions, and also to provide tools to remediate potentially threatening events.
Now Systems Manager has the ability to whitelist and blacklist applications on all device types, and if necessary quarantine those devices until the problem is resolved. This is accomplished via an addition to the Security Policies in Systems Manager. Security Policies allow admins to define a set of rules for client devices, and then determine whether clients are compliant or not with a given policy.
In the Systems Manager network below there are two different policies, ‘Secure’ and ‘MerakiSecure’, each with varying requirements.
These policies can check whether a device has anti-spyware running, disk encryption enabled, a passcode configured, and much more. New to this list is the ability to look into the applications on the devices. We have added three features to security policies: mandatory running apps, application blacklist or whitelist, and mandatory applications. These new features allow a tremendous amount of visibility and control over what is happening on client devices.
With the mandatory running apps feature, admins can define processes that are required to be running on Windows and OS X devices. For example, admins can ensure a specific VPN client is installed and running. Admins can also filter for potential vulnerabilities such as devices that are running known malicious processes. These devices can be immediately identified across an entire fleet of clients and with the help of Systems Manager they can be quarantined by limiting their network access with group policy integration.
The client overview page below lists all devices that are compliant with the MerakiSecure policy, and for those that are not compliant we can see the reason(s) they are failing. From here the administrator can decide how to deal with non-compliant devices, either by manually or dynamically applying Systems Manager profiles to set usage restrictions, or by quarantining devices on the network with group policy integration.
In addition to looking into applications on Windows and OS X devices, we can also do the same for applications on Android and iOS devices. The application whitelist and blacklist settings, along with mandatory applications, can be applied to all devices so we can simply enter ‘facebook’ to blacklist all apps named facebook.
Systems Manager allows various methods of defining apps in this field, such as using the complete app identifier, or using wildcards to specify all apps by a specific vendor. For more detail on the syntax options, simply hover over the info bubble to the right of the setting.
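To make the three checks above concrete, here is an added example (not Systems Manager's own code) of a small compliance evaluator: it applies mandatory running processes, mandatory apps and a blacklist/whitelist to a constructed fleet, reports the reasons a device fails, and lists the devices a restrictive group policy would target. App identifiers, process names and the wildcard/substring matching rules are assumptions for illustration only.

```python
import fnmatch
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    platform: str        # "windows", "osx", "ios" or "android"
    installed: set       # app identifiers present on the device
    running: set = field(default_factory=set)  # process names; desktop platforms only

@dataclass
class Policy:
    mandatory_running: set = field(default_factory=set)  # processes that must be running
    mandatory_apps: set = field(default_factory=set)     # apps that must be installed
    blacklist: set = field(default_factory=set)          # apps that must not be installed
    whitelist: set = field(default_factory=set)          # if set, only these may be installed

def app_matches(pattern, app_id):
    """Wildcards ('com.vendor.*') glob the whole id; a bare word ('facebook') matches any id containing it."""
    p, a = pattern.lower(), app_id.lower()
    return fnmatch.fnmatchcase(a, p) if any(c in p for c in "*?[") else p in a

def evaluate(device, policy):
    """Return the reasons the device fails the policy; an empty list means compliant."""
    reasons = []
    if device.platform in ("windows", "osx"):  # running-process checks are desktop-only
        for proc in sorted(policy.mandatory_running - device.running):
            reasons.append(f"required process not running: {proc}")
    for app in sorted(policy.mandatory_apps):
        if not any(app_matches(app, a) for a in device.installed):
            reasons.append(f"mandatory app missing: {app}")
    for a in sorted(device.installed):
        hit = next((p for p in sorted(policy.blacklist) if app_matches(p, a)), None)
        if hit:
            reasons.append(f"blacklisted app installed: {a} (matched {hit})")
        elif policy.whitelist and not any(app_matches(p, a) for p in policy.whitelist):
            reasons.append(f"app not on whitelist: {a}")
    return reasons

def quarantine_list(devices, policy):
    """Names of non-compliant devices, i.e. those a restrictive group policy would target."""
    return [d.name for d in devices if evaluate(d, policy)]
# Constructed sample policy and fleet (hypothetical identifiers, not real inventory data).
POLICY = Policy(mandatory_running={"vpnclient.exe"}, mandatory_apps={"com.example.mdm-agent"},
                blacklist={"facebook", "com.badvendor.*"})
FLEET = [
    Device("laptop-01", "windows", {"com.example.mdm-agent", "com.example.editor"}, {"vpnclient.exe"}),
    Device("laptop-02", "windows", {"com.example.mdm-agent"}, {"explorer.exe"}),
    Device("phone-01", "ios", {"com.example.mdm-agent", "com.facebook.Facebook"}),
    Device("phone-02", "android", {"com.badvendor.game"}),
]
```

Running `evaluate(d, POLICY)` for each device in `FLEET` yields the per-device failure reasons the client overview page would show, and `quarantine_list(FLEET, POLICY)` gives the devices to isolate.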
This feature is available now in your Systems Manager network. We are excited to hear what you think of the feature, and how we can keep enhancing compliance policies to provide the best tools to secure devices in your environments. Keep us posted in the make a wish box.