Heimdal Application Control

Overview

Heimdal is a cybersecurity provider that offers protection against cyberthreats across the most prevalent attack vectors, including email, endpoint, web, identity, and applications. Each of Heimdal’s products can be deployed standalone or as a module within their holistic, single-agent platform, enabling organizations to easily manage the entire suite of integrable tools via one interface.

Heimdal Application Control is their application management solution, designed to enable businesses to easily allow or deny the execution of apps within their environment. With granular allow- and deny-listing, group-level policy configurations, and extensive logging capabilities, Heimdal Application Control allows mid-size to larger organizations to create application- and identity-specific security policies across their networks.

Key Features

Granular Application Control Rules

Admins can allow or block application traffic by creating rules in the Heimdal Dashboard. These rules can be based on software name, file path, wildcard path, command line, publisher, certificate, vendor name, and MD5. Admins can prioritize rules via the Dashboard, where they can also view the name, rule type and elevation status of each application.

Some blocking methods are more effective than others. For example, when blocking files by name, users can change the file name to bypass the block (e.g., changing a file name from “spotify” to “music” would evade the block). However, this issue can be rectified by using the MD5 hash block method. This blocks files even if the name is changed or they’re copied and pasted to a separate location. It’s important to note that the MD5 hash method works best on static files because the block rules must be adjusted each time the file is updated.

The command line method is particularly effective. It can be used to block the execution of specific file types to reduce the execution of potential threats, with allow-listing policies that ensure files of that type can still be run in certain instances. For example, if .msi files are blocked, defined end users with elevated privileges can still run a .msi file to install a new app. This feature is particularly powerful when users integrate Application Control with Heimdal’s Privileged Access Management (PAM) module.

Customizable Access Policies

Heimdal Application Control offers granular access policy configurations. Admins can create or edit policies for individual users or user groups via integration with Azure Active Directory. This means that certain applications can be blocked for one group but allowed for another.

When integrated with Heimdal PAM, this makes it possible to allow access onto for privileged users. Admins can also leverage this integration to remove permanent access rights (or “standing privileges”) and grant access to application execution on demand.

Monitoring And Logging

The platform offers very effective monitoring and logging functionality. In the Dashboard, admins can view data into which applications have been accessed and by whom, whether any processes were elevated during the session, whether parent processes were called, and whether services were requested.

Admins can also view a full audit trail of historical executions, including allowed, blocked and Passive Mode monitored executions. This provides detailed insight into whether a user normally needs access to a certain app, and can be used to inform future executions and access rights.

Ease Of Use

Heimdal Application Control is delivered via a single platform and agent. The platform is quick and easy to deploy, and its unified nature makes it easy to manage Application Control as a module within Heimdal’s wider security suite, as well as standalone.

The management Dashboard is very intuitive and easy to navigate. From there, admins can view reports into session details, customize user interaction permissions, request logs, and create or edit block and allow rules.

Creating new rules is very straightforward, particularly when using the file path, wildcard path, and command line methods.

Overall, the platform is very easy to deploy and manage, with little technical knowledge or training time required.

Pricing And Plans

Pricing for Heimdal Application Control is available upon direct request via Heimdal.

Best Suited For

Heimdal Application Control is currently compatible with all Windows devices.

The platform offers comprehensive management of application execution across an environment, with granular rule configurations, the option to define group-level policies, and full logging and auditing. This audit functionality makes the platform suitable for a compliance use case, as well as for security; particularly when implemented alongside Heimdal PAM.

Despite the granularity of policy configurations offered, Heimdal Application Control is very user-friendly, requiring little technical expertise or dedicated training to deploy or manage.

As such, Application Control is a strong solution for mid- to large-sized organizations looking to monitor and control what application can and cannot be access on their network, and by whom.

Final Verdict

Heimdal Application Control is a user-friendly yet comprehensive tool for creating application- and identity-specific policies for application execution within an enterprise environment. It gives security teams full visibility into—and control over—which applications and files are being executed and by whom.

Overall, we recommend that mid-sized organizations and larger enterprises looking for better control over application execution in their environment consider shortlisting Heimdal’s Application Control solution.

To get the most out of Application Control, we recommend that businesses implement it alongside Heimdal PAM, to enable the definition of more granular access controls based on just-in-time privilege elevation.