Blackpoint Gets an App Control Feature

December 14, 2023

If you are a customer of Blackpoint, you might already beaware they just released an exciting new tool called “Managed ApplicationControl”. This is an application management tool that works with the existingendpoint agent that SOC uses to monitor suspicious activities. It allows you toblock certain applications and reduce risks associated with users usingsoftware that is not approved.If you are an MSP, you most likely have a set of tools forRMM or remote control that you use and pay for. They are kept up to date andsecured to reduce the risk of security events happening. But what if yourclients or employees like to go outside of those tools and use things that arenot approved? This can open the door for attacks. BlackPoint has a set ofcurated applications that work out of the box to block the most commonapplications that could be a threat to your clients. You can whitelist onesthat you do use or add custom apps that you want blocked. For example, if you use Automate for RMM and want to preventother RMM tools from being used you just whitelist the one you approve, and therest will be blocked from being used.

If you don’t see a specific RMM tool you can also manuallyadd it so it’s either blocked or allowed.You can even get granular and allow certain devices to haveother tools while the other devices are blocked. So, if you have a device thatis managed by a 3rd party and they use another RMM tool you canallow that to be used.

But it’s not just about RMM tools. This allows you to blockthings in several categories such as pen testing tools, ransomware tools andcredential access tools. Tools that a compromised machine might use like mailpassviewor an IP scanner can be blocked as well. In the event a machine is infected andan attacker gains access this limits the ability to spread or cause harm to thePC or data stored on it.The tool forces you to run in monitor mode for at least 24hours. This lets you get an idea of what would have been blocked and lets youmake changes before enabling the blocking mode.

You can edit the rule right from the event page to allow adevice or disable a app from being blocked.If this sounds like something that would help you or yourbusiness make sure to reach out to the guys at BlackPoint -