Best Solution For Controlling New Application Install In Custom Software Environments

egrizzly Member Posts: 516
edited December 2022 in Incident Response

Hi all,

This is for those of you who have experience successfully implementing controls for adding new software in custom environments where the distribution of software use is a combination of custom software, off-the-shelf software, and unsigned (but legitimate) applications.

The environment I'm in is as follows:
- Total count of 5000+ applications consisting of custom software and unsigned (but legitimate) applications.
- PAM solution exists
- EDR solution exists (CrowdStrike Falcon)
- Geographical Footprint: Globally spread out along North America, Asia, Europe, Africa

The problem we're facing is that quite frequently the EDR solution alerts on new custom software installs as malicious. Alerts also occur where non-authorized users (those not in Help Desk or Deskside Support) seem to be able to install software on company laptops.

Our Goal: We would like to be able to configure the security environment so it stops the install of software that is not:

1. Legitimate Software
2. being installed by Authorized Personnel (e.g. Help Desk and Deskside Support)

A dozen high fives for all your suggestions, tips, and comments, guys.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+