With Zentral you get a clear pathway to implement Application Allowlisting without having to reinvent the wheel.
Application Allowlisting is an important Protect (or similar) function of security frameworks. NIST has a detailed guide dedicated to planning and implementing of allowlisting technologies throughout the security deployment lifecycle.
The Binary Authorization Module stops the execution of malware, unlicensed software, and other unauthorized software on endpoints of your fleet. Unlike, say, antivirus software, which blocks known bad activity and permits all other, binary authorization is designed to permit known good activity and block all other.
Successful implementation of Application Allowlisting requires a phased approach: Start by blocking and allowing known apps first while monitoring all other processes. Then, once you are more confident, switch to a stricter mode of operation. Ultimately, only approved apps are allowed.
Zentral facilitates Application Allowlisting through Santa, an open source binary authorization system that Google developed for their fleet of macOS Endpoints. It is called Santa because it keeps track of binaries that are naughty or nice.
Santa was a pioneering piece of software when it released in 2014, and has been actively maintained since. Santa adopted the macOS Endpoint Security framework much earlier than commercial solutions and continues to improve with new features.
Zentral directs Santa as a sync server to dynamically configure the agent and to collect the events it logs.
With Zentral you can create comprehensive reports automatically, you can export rules and incident metrics and you can build custom dashboards to keep you and stakeholders informed accurately. App execution events are normalized and shipped to your favorite event stores so you can keep a record of anything that ever happened on your Macs. Zentral lets you measure how effective your setup is performing without having to look in different places:
We manage the Santa agent with macOS configuration, Zentral enrollment, and upgrades.
We configure Santa based on your requirements and guide you to towards tight Allowlisting
We turn events into metrics and dashboards for real-time reporting