by reaper 03-06-2017 02:12 AM - edited 05-11-2017 08:04 AM
Sometimes you need to close the door on applications the way Rick Grimes (from The Walking Dead) stops zombies from flooding in: by closing the gate.
But how do you define 'a gate' when you're talking about a flood of applications trying to get in (or, more accurately, applications your users will try to access), and you can only describe them by their behavior rather than putting your finger on a specific application?
Community member @Rahimbhamani was wondering the same thing about video streaming:
If you know the application, it's fairly easy to create a security policy containing all the applications and simply block access to them. If you can only describe the kind of application you would like to block by its behavior or categorical characteristics, things get a little more complicated.
You can opt to leverage URL filtering to block certain categories of applications, but this may not cover all your bases, or, if you do not have a URL filtering license, you may not be able to use this avenue of attack.
From experience, the Application Filter is often neglected as an option to block behavior, rather than named applications:
Once you have set your sights on something you want to block (or allow) based on generic attributes, the Application Filter allows you to select the attributes you want and will automatically populate the applications associated with them. Even if new applications are pushed onto the device by a dynamic update, the Application Filter will automatically account for them, so the administrator can rest assured that no new application is being allowed simply because it had not yet been added to a blocking security policy.
Attributes can be mixed and matched in any way to create positive (apps you like), neutral (apps some users may need) or negative (apps you do not want) groupings of applications.
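
A sketch of the setup described above in PAN-OS configuration-mode CLI, added here as an example and not taken from the original post. The filter name, rule name, zone names (trust, untrust) and the choice of the media / photo-video attributes for the video streaming case are assumptions, as is a single-vsys firewall.

```text
# Application Filter: matches applications by attribute, not by name.
# Category and subcategory picked for the video streaming case (assumption).
set application-filter block-video-streaming category media
set application-filter block-video-streaming subcategory photo-video

# Security rule that references the filter where a list of named
# applications would otherwise go. Zone names are placeholders.
# "service any" is used so the deny still applies when a matching
# application runs on a non-default port.
set rulebase security rules Block-Video-Streaming from trust to untrust source any destination any application block-video-streaming service any action deny
set rulebase security rules Block-Video-Streaming log-end yes

# Place the deny above any broader allow rule that would match first.
move rulebase security rules Block-Video-Streaming top

commit
```

The `#` lines are annotations for the reader, not CLI input. After each content update, reviewing the filter's resolved application list shows which newly added applications the deny rule now covers.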