BloxOne Application Discovery specifically monitors applications with a higher risk of data loss and malware activity (for example, cloud storage, email, and VPN), applications that help you profile your protected assets, and applications often tied to unmanaged services commonly known as "Shadow IT" applications. "Shadow" applications are those applications associated with a higher probability of data loss risk, and applications that assist in profiling the actions of a protected asset. Shadow IT are consumer and enterprise applications that are not managed by the organization.
The applications can be associated with the software manufacturer and the protected asset that generated the application traffic. You can easily filter and drill down to the specific application or protected device, then export the data if needed.
Application Discovery monitors all applications operating on your network based on DNS traffic. BloxOne Threat Defense Advanced then uses detection signatures to determine when an application is one of the following:
- Associated to a remote host: You can observe the remote host using Dossier.
- Auditable: Infoblox is highly confident in its detection accuracy.
- Blockable: Infoblox is confident in its detection accuracy and has identified associated, unique, blockable hosts.
Application Discovery, which is accessed from Reports > Application Discovery, provides a means of detecting and managing the types and numbers of all applications on your organization's network: those approved and supported, awaiting review and approval, and not approved.
Application Discovery makes it is possible to identify and track applications running on your network and to determine what activities each application is engaged in. By default, each application is assigned a status of Need Review. Based on the information obtained from Application Discovery, a system administrator will assign each application a status of Approved or Unapproved. If Application Discovery indicates that an application is safe, the system administrator will assign it a status of Approved; otherwise, the system administrator will assign it a status of Unapproved. An application's status can be revised and updated at any time.
Approved and Unapproved Applications
Application Discovery allows you to specify if a detected application is an “Approved” application based on your organization’s policy. In most organizations, blocking applications can be disruptive and lead to user dissatisfaction. Instead, tracking approved and nonapproved applications allows you to monitor and decide the best action to take, such as user education or requesting approval for the variance.
The tracking of approved and unapproved applications on your network is important. Security and Compliance best practices call for maintaining an accurate inventory of applications in your organization. Additionally, it provides protection for your organization from threats includes the protection of legitimate software used in inappropriate ways that might include a user storing sensitive customer data in unmanaged cloud storage, or malware that utilizes a consumer email to exfiltrate stolen data from the enterprise.
Application Discovery is available to subscribers of BloxOne Threat Defense Advanced.
For information on Application Discovery reports, see the following: