Ivanti Application Control
Limit admin privileges without limiting productivity. Easily define who can use specific consoles, applications and commands for servers.
Success story
The department of transport turned to Ivanti for ASD top 4 compliance
Preventing risk exposure
Victorian residents in Australia rely on the Department of Transport (formally VicRoads) to provide licence and registration services, implement road safety strategies, develop sustainable transport options and manage a road network spanning over 52,000 kilometres.
Employing approximately 4,300 people, the Department of Transport was at risk. Its agile workforce depends on more than 4,500 devices across 92 sites, but a large number of employees had full admin privileges on devices due to business support requirements and the applications they utilised. On top of that, employees were using an array of unapproved applications, and there were no clear controls to manage employee application access.
The Department of Transport needed to quickly minimise its risk exposure while complying with the Australian Signals Directorate’s (ASD’s) top four recommended cybersecurity controls: implementing application whitelisting, patching operating systems and applications, and minimising admin privileges.
Whitelisting to the rescue
To safeguard its environment and comply with ASD recommendations, the Department of Transport sought a solution that would deliver both application control, including whitelisting capabilities, as well as privilege access management to minimise the amount of untrusted software being executed on corporate client computers. It was also important that the selected solution offer lightweight operation without introducing excessive additional overhead for the operations teams to manage.
Ivanti Application Control met these requirements. Combining dynamic whitelisting and privilege management, Application Control prevents unauthorised code execution without making IT manage extensive lists manually. It also features a comprehensive central management console. Additionally, it leaves users unconstrained. On-demand change requests mean that the Department of Transport’s users can request emergency privilege elevation as required.
“We’ve created user profiles, so employees get exactly what they require to do their job. We will elevate apps as needed, but full admin access is now only provided on an absolute as needed basis,” says Umair Saleem, IT team leader, department of transport.
Automating patch management madness
Another headache — and risk — for the Department of Transport was the extensive process it would take to stay current on third-party application updates. Due to the time this largely manual task would take, some patching simply wasn’t happening.
“We were manually pushing out patching updates, first testing on a desktop, then pushing out to other computers. Some updates just never happened,” recalls Saleem.
The Department of Transport solved this update lag with Patch for Configuration Manager. The solution automates updates by downloading and pushing out patches to all devices — saving a considerable amount of staff time. Not only has this solved patching gaps, but security exposure from outdated applications has also been minimised. “We don’t have to worry anymore that updates are current. Our employees are all able now to be the most productive with the latest applications,” says Saleem.
Compliant, productive and secure
Ivanti was able to solve the Department of Transport’s critical security and compliance exposures while further freeing up time for IT staff for other strategic projects. Now the organisation is confident in its compliance with ASD controls and finds comfort in knowing it has mitigated risk exposure with greater security confidence.
Since implementing Ivanti, the Department of Transport has seen the following results:
- Implementation across 4,500 devices was completed in under three months, with no slowdown in employee productivity.
- All workers now have access to current third-party applications to increase productivity.
- IT spends only a small fraction of the time it once did to maintain patches and applications.
- The Department of Transport has confidence that its endpoint estate is secure and current.
“We have cut overhead and staff time as a result of Ivanti’s automated patch updates, and the interactive dashboard makes the entire programme easier to manage. Ivanti, in all aspects, has exceeded our expectations,” Saleem says.
As a result of the successful deployment, the Department of Transport is now considering the roll out of Ivanti Application Control for its servers as well. “Our server teams are jealous of our results!” he laughed.
Note: A customer’s results are specific to its total environment/experience, of which Ivanti is a part. Individual results may vary based on each customer’s unique environment.