Tag Archives: Software Asset Management

Detecting Prohibited Software

What is a ‘Prohibited software’?
Prohibited software refers to a software program or application, which is deemed inappropriate and not allowed to be installed in any computer in a specific IT environment. The reason in general are security vulnerability / threat that it can create to that computer or even to the entire IT environment. It’s a kind of banning or blacklisting a particular software for a specific IT environment. The reason for putting a software in such a category differs from organization to organization, depending on the domain of operation, data sensitivity, security concerns etc. Therefore, a software that is “prohibited” or blacklisted in one organization might be freely used in another, and vice versa. However, certain kinds of software are more likely to be marked as prohibited in workplaces.

Importance of detecting ‘Prohibited Software
Computer users of an IT network often install different kinds of software – within the organization (e.g., on a server share), from a friend / colleague, download from the Internet, and such. Many of these software turn out to be failing in the security standards and cause vulnerability / threat to the entire network. New software of various types and increasing complexity are emerging on a regular basis. There are a lot of free software available on the Internet that are quite useful. For example, Adobe PDF Reader, Internet browsers (Firefox, Chrome, IE, Safari, Opera), Skype etc. are from highly reputed software publishers and widely used at home as well as in small to large organizations. There are also many popular games, media players, chat applications etc. From our own experience, a widely used “free” media player app also tries to install a bunch of other software, and even if you opt out of all of them, they still silently slip in a couple of questionable software into your computer! First of all, these are unknown software, on top of that they sneak into your system. How comfortable / happy does that make you feel? In most cases, the adverse effect of such software on the IT system is unknown for a while. As a result, IT network security threat increases significantly as more such software are installed. Software from commercial software providers are regularly reviewed and updated, but some of the commonly used software do not go through proper follow-up and are rarely updated. Any security flaw in such software remains and create a backdoor for hackers and malicious programs to penetrate an organization’s IT network.
On the other hand, there are some popular software including gaming, media, and social networking, usage of which is likely to affect focus and productivity of employees. Presence of such software in workplace can also lead to various compliance issues. Also, if employees in an office downloads various software from the Internet and installs on work computers, it can lead to serious legal issues, such as license violations.
That’s why every organization needs to know what software are installed on its computers and if those are required and acceptable for business reasons. If not, such software should be identified as “prohibited” and arrangements made to stop those from being installed on any work computer. Controlling software installation is not a choice anymore; it’s a required step to address security, productivity, legal, and compliance issues.

Importance of ‘Software Asset Management’ in this regard
Detection of ‘Prohibited Software’ is a part of the bigger area ‘Software Asset Management’. Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.
Proper software asset management is necessary for effective security practices to help combat cyber-attacks that can damage an organization in various ways. An effective SAM practice delivers intelligence on software across the network, providing clear visibility of entire network inventory that helps Network Administrator to take more informed software security decisions. SAM helps to minimize the attack-surface of an organization by detecting unauthorized and unsupported software and preventing them from being installed, or at least to be removed.

Methods of tracking ‘Prohibited Software’
Traditionally, the method known as ‘application blacklisting’ is used to track the unwanted applications. This method works by maintaining a list of applications that are to be denied system access and preventing them from being installed and executed. However, since the number, variety, and complexity of applications are increasing day by day, that approach is hard to follow these days.
The opposite approach to ‘blacklisting’ is ‘application whitelisting’. In this approach, an authorized list of applications is maintained. When a new application is going to be installed, it is automatically checked against the “authorized list”. If the application is not in the list, it’s not permitted to be installed. This depends more on the honor system.

Are these methods full-proof?
Nowadays applications are coming with increasing levels of complexity, variety, in increasing numbers. So, ‘application blacklisting’ process is not likely to be full-proof. On the other hand, the ‘application whitelisting’ method also might not be practical, because of the administrative resources required to create and maintain an effective whitelist often turns out to be inadequate.

Any way out of this problem?
Considering the possible threat to the IT network, it’s not recommended to rely on manual processes to detect the unwanted software. Rather we have to rely on an automated system that can detect such applications automatically without any manual intervention – a system that continuously monitors the IT network and immediately informs about the presence of any unknown or unwanted software.
SARANGSoft SysExpertez provides this functionality along with full-fledged IT Asset Management (tracking of hardware, software, and users) in a Windows network. Let’s see how SysExpertez helps detect the unauthorized / unwanted software within a Windows network.

Role of SysExpertez in detecting ‘Prohibited Software’
SysExpertez categories installed software broadly in three distinct categories.
1. Licensed: is associated with legal copies of commercially published software from reputed providers, license for which are purchased and budget is allocated for such software to be renewed / upgraded; e.g., Microsoft Office, SQL Server, Adobe Photoshop, Oracle database, AutoCAD etc.

2. Approved: There are many free but wonderful software available. Depending on an organization’s needs and policies, its IT team can identify some of those as “Approved”; e.g., Adobe PDF Reader, Skype, Firefox & Chrome browsers, some text editors (like Notepad++, TextPad) etc., which are suitable / beneficial for use in workplace;

3. Prohibited: There are some software that an organization might choose not to allow in its network for various reasons – security threat, productivity loss, legal / compliance issues etc. These generally include games, media players, chat apps etc. Any installation of such software within the IT network should be detected ASAP, and immediately acted upon (such as uninstall and prevent future occurrences);

SysExpertez helps put the known and relevant software into one of above three (3) categories – Licensed, Approved, and Prohibited. If any software outside these three lists is installed on any computer within the network, SysExpertez can detect that, classify it as an “Unknown”, and immediately notify the IT Administrator about it. The IT Administrator can investigate the case, and either

  1. Accept it as one of the first two categories (i.e., Licensed or Approved), or
  2. Put it in the Prohibited category and instruct the user(s) of the concerned PC(s) to immediately uninstall the software (and refrain from installing it in the future).

Monitoring of software assets helps keep the network safer and comply with legal and standards requirements.

How important is to know the network inventory?

What is ‘Network Inventory’?
An IT network consists of various types of hardware (client PCs, servers, printers, and other peripherals) and software as well as the users. The hardware and software are commonly referred to as Network Assets, which constitute the entire network inventory.

At the simplest level, network inventory is a basic list of devices connected within the network. However, at a more advanced level, it can evolve to contain detailed information about software installed, hotfixes applied, services, and much more.

How important is to know your Network Assets?
Managing the IT infrastructure of an organization is undoubtedly a challenging task. The assets in the network get deployed, updated, removed fairly frequently, and often without any set pattern, to support the operational needs of the organization and the overall computing environment (security issues, virus / hacker threats, product updates and enhancements etc.). Keeping track of the users and their access privileges is an integral part of IT management. One of the biggest challenges to managing the network is the lack of comprehensive knowledge and understanding of the network, which are essential for decision-making and planning about the growth and improvement of IT infrastructure.
If you are a network administrator, you have to face these common questions:
  • How many computers (client PCs and servers) are in the network (domain or workgroup)?
  • Which of these computers are active vs. inactive, have been added / modified?
  • What hardware components (CPU, RAM, motherboard, hard discs and partitions, network card / chip, video and audio card / chip etc.) are in those client PCs and servers?
  • What Operating System (Windows) version is running on each PC and server?
  • What Service Packs for the OS have been installed on each PC and server?
  • What software applications (including version, manufacturer etc.) are running on each PC and server?
  • What all services are running on each PC and server?
And many more like these. Without these details you will never know the actual state of your network. Proper network asset management is impossible without the knowledge of the network assets.
What exactly is “IT Network Asset Management”?

IT Network Asset Management (also called IT Inventory Management) is an important part of an organization’s business strategy. It involves collecting detailed hardware and software inventory information, which are used to make decisions about purchase as well as redistribution of hardware and software over time.

IT asset management helps an IT organization manage its systems more effectively, and saves time and money by avoiding unnecessary asset purchase and/or disposing off existing resources.

How do organizations manage their network assets? Is it sufficient for them?
It’s quite common for System Managers / Admins to manually monitor the entire network, at times with dedicated personnel. That’s a challenging task, which is repetitive, error-prone, time consuming, and to a high degree wasteful of qualified systems professionals. A tool that automatically monitors the network for such information and presents a consolidated view helps with the latest status as well as not take up important human resources for such tasks.

SysExpertez: A solution for network asset tracking, monitoring, and management
SARANGSoft SysExpertez is a comprehensive asset, domain, and operations management application with a number of exciting features that help manage IT assets, Active Directory domains, and operations in the network. It automates and simplifies the repetitive tasks and quickly provides accurate results through an easy-to-use interface.

It’s like a set of CCTVs within your network, so that you as the System Manager / Admin can get a full view through the “Admin Console”, as if sitting in a “Control Room”. The powerful Admin Console is super-easy to use with a simple menu-driven UI that also looks and feels great.