Is anybody here using AppGuard in an enterprise environment?

Status
Not open for further replies.

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
I would be really interested in your experience with AppGuard in an enterprise environment (AD, 100+ minimum workstations, 100+ minimum users). If any of them involves disclosing sensitive information, please tag the question as confidential.

  1. How busy the IT department is when AppGuard is involved (maintenance)?
  2. What is your incident response plan/procedure for AppGuard?
  3. How did the implementation/deployments go? (including hardware/software prerequisites)
  4. How many points of failure your AppGuard implementation has?
  5. How efficient the update/upgrade process is?
  6. How often did you need to restart your endpoints because of AppGuard (if at all)?
  7. How is the support (if you had any opened tickets at all)?
  8. Are the reporting features of AppGuard good enough for your needs?
  9. What compromises (if any) you had to make while using AppGuard?

Please respond only if you have constant contact with the product in the enterprise environment described above.

Many thanks for your feedback!
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I haven't, but reading these under AppGuard was interesting
AppGuard | IT Security Matters
That was a good read, Malware Dev's are stepping it up.
Anti exe's and default deny are becoming "must have's"
in today's threat landscape for Business and Home users alike.
Thanks for sharing that link Spawn.
 
D

Deleted member 178

I would be really interested in your experience with AppGuard in an enterprise environment (AD, 100+ minimum workstations, 100+ minimum users). If any of them involves disclosing sensitive information, please tag the question as confidential.

I think you didn't grasp what is Appguard, the questions you asked are those you would ask for an AV not an SRP.
SRPs like Appguard are made to be set & forget, corporate workstations are supposed to be static systems , no added softwares , no facebooking on internet (unless some departments needs it, etc...).
Employees are locked out the system, they have no possibilities (and should not even have any) to influence the system they work on. Only the admins are authorized to modify the workstation policies.
SRP works the same for 1 or 1000 machines , the principle remain same. Issue a lockdown policy then solve issue on the fly if any.
AG doesn't influence the OS daily functionment, it doesn't have to monitor every files accessed, it only block what have to be blocked.

Also , Appguard Enterprise can be managed by BRN (that kind of cooperation is decided between the client and BRN).

This is the basic procedure upon acquiring AG:

1- Client purchase AG.
2- Client and BRN collaborate together on AG policies for better efficiency and to fit the admin standard and demands.
3- tests are made to identify potential issues.
4- if no issues are discovered , final policies is pushed to workstations clients via the management console.

From it, once in operation , there is nothing much to do. The admin will mainly just monitoring logs which can be filtered (those logs can be exported into csv files, open in excel)

However the system or some productivity softwares may be updated and requires adjustment. In big companies the OS would be Windows Enterprise LTSB and not Home version with updates every days.
So in case of issues/unexpected blocks:

1-The admin is supposed to know how to handle AG and can adjust policies on the fly.
2- If he can't pinpoint the issues , BRN will be contacted and a response can be issued immediately or in days depending of the importance of the company , severity of the issue and its impact on the company productivity.

About Updates, policies are push automatically , local adjustment can be made by admin , clients have to be updated manually.

so about your questions, i will answer those not mentioned previously.

  1. How busy the IT department is when AppGuard is involved (maintenance)? almost none, only monitoring logs and adjust polices
  2. How did the implementation/deployments go? (including hardware/software prerequisites). As any solutions, unlike AV suites, SRP doesn't need powerful machines.
  3. How many points of failure your AppGuard implementation has? because it is policy , once pushed you shouldn't have any failure, you were supposed to test the system environment before pushing the final policy , so failure shouldn't happen.
  4. How efficient the update/upgrade process is? as any software , you just install manually the new build.
  5. How often did you need to restart your endpoints because of AppGuard (if at all)? once for installation or update of the client.
  6. Are the reporting features of AppGuard good enough for your needs? AG only blocks so quite easy to monitor, no?
  7. What compromises (if any) you had to make while using AppGuard? None, the goal is to totally lock out the employee from the system. For an admin , it is all benefit, no hassle.

Do you plan to buy AG for your company?
 
Last edited by a moderator:

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
Thank you @Umbra for the thorough description, i read everything in detail!
Are you using AppGuard in an enterprise environment? Being on the forum i thought maybe i could have some insights about AppGuard in these kind of environments from others, because i noticed that for malware testing and a very specific niche of users is very popular. This raised the question in me, what about companies?

On their website, there's nothing to download or to test (didn't look in any other places yet, maybe distribution is done elsewhere). I always try before i buy (for me or others), but not even an installer is available, no documentation, just a FAQ section. Or maybe it's just for really big corporations, so distribution is done by other channels. I will look into this though.

For my company no, but for others, maybe, i can think of some clients who could benefit from this. It looks like a very solid piece of software (from what i read on the forum), also very praised and i never heard about it before joining MT (mind that i also have my channels and software distributors, not one ever mentioned AppGuard or BRN).

Thanks again!
 

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
@Lockdown might be able to answer the questions, as he is currently a BRN employee. Besides, I think he uses AppGuard Enterprise. :)

To be honest, LockDown was the reason i asked this question. Well... indirectly at least. We had a very productive difference of opinion a few threads back, and i looked into his profile. Found his postings, impressive i might say, lots on information from his part and a very helpful guy, and i'm not talking about the times he directly or indirectly advertised AppGuard, but the times he provides feedback for people that has nothing to do with AppGuard.
And so digging and digging, this thread came out :)
 
D

Deleted member 178

On their website, there's nothing to download or to test (didn't look in any other places yet, maybe distribution is done elsewhere). I always try before i buy (for me or others), but not even an installer is available, no documentation, just a FAQ section. Or maybe it's just for really big corporations, so distribution is done by other channels. I will look into this though.
Yes there was a change in their policy, they don't offer trials anymore, you must purchase it. And indeed they focus mainly on corporates customers, home users are fractions of their sales, they still keep a version for them but they are not prioritized.
Not saying a new version will be released with major improvements.

For my company no, but for others, maybe, i can think of some clients who could benefit from this. It looks like a very solid piece of software (from what i read on the forum), also very praised and i never heard about it before joining MT (mind that i also have my channels and software distributors, not one ever mentioned AppGuard or BRN).

Appguard is a very solid military-grade software, users must have a decent knowledge of the OS and AG's features/mechanism. It seems complicated at beginning because you have to think in a certain way: User-Space and System-Space.
Once understood those concepts, it become very easy to use and set.

AG made me rethink my approach of security; i ditched my layered setup mostly because of it. simplicity & efficiency. to me "once you go Appguard , you never look back"

If you are interested , there some links about Appguard awards (for what they worth ^^ ):

AppGuard Receives Army Certificate of Networthiness (CoN)
2016 Homeland Security - AppGuard Best Cyber Anti-Malware Solution

You can find here several videos review/test of AG against malwares, but most were made in default mode, and we all know that SRPs is all about customization.

To be honest, LockDown was the reason i asked this question. Well... indirectly at least. We had a very productive difference of opinion a few threads back, and i looked into his profile. Found his postings, impressive i might say, lots on information from his part and a very helpful guy, and i'm not talking about the times he directly or indirectly advertised AppGuard, but the times he provides feedback for people that has nothing to do with AppGuard. And so digging and digging, this thread came out :)

If i can talk for him since he is a very good friend of mine, and we share the same point of view about security. @Lockdown is a old members of MT and his little hobby is to find weaknesses of security products, then report them to the devs , luckily for him, his observation/reports attracted the attention of BRN executives and he was hired by them.
 
5

509322

AppGuard Enterprise is not available as a trial version. In fact, it's not made available to the general public for purchase - meaning home users can't buy it. It is sold via authorized channel sellers. A demo can be arranged via the AGE Sales webpage.

It's the same with AppGuard consumer. There is no trial.

For both products BRN adheres to the Enterprise sales model. I know that fact disappoints a lot of home users who are accustomed to trial versions, but BRN doesn't promote nor sell AppGuard consumer in the same manner as the big name consumer security soft publishers do.
 

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
Thank you both for your answers.
Unfortunately, when i say "try before i buy" it's not a stubborn idiotic childish quote i found on the internet. It's mandatory, not just to verify the product's quality, but also to master it as much as possible. I'm the first line of "defense and support" for my clients, i have to know at least how it works, exactly the version i recommended. Later i can and i am escalating the issue if i am not able to provide relevant help.

I must say i am a little disappointed that no one from the enterprise segment could reply (yet), specially if their main customers are enterprise users.

I do wish the best of luck for AppGuard and the team, the product must be as you say it is, just by reading this forum, it's very popular on MT.
 
D

Deleted member 178

Thank you both for your answers.
Unfortunately, when i say "try before i buy" it's not a stubborn idiotic childish quote i found on the internet. It's mandatory, not just to verify the product's quality, but also to master it as much as possible. I'm the first line of "defense and support" for my clients, i have to know at least how it works, exactly the version i recommended. Later i can and i am escalating the issue if i am not able to provide relevant help.

This is a point we all complained, but i can understand the reason: trial = test by people who may not understand the mechanism and then the issue = support team under avalanche of complain/tickets = bad publicity + waste of resources.
Many corporate vendors does the same, and i'm not found of it, but i'm not their CEO so...
so people have to "trust" to a certain extent what we say about it; not the best way , i know :D

I must say i am a little disappointed that no one from the enterprise segment could reply (yet), specially if their main customers are enterprise users.
I don't want bash corporate admins, i was one but many have very limited knowledge about security, i have seen horrific stuff, many have the "home user" mindset type. And many don't even knows about security forums.
So finding an admin here using AG on 100+ workstations won't be easy. :p
From what i know, the difference with Enterprise and Home version is that the ENT is managed via a console and it has some features removed, the rest is similar, i would say it is even easier to use and easier to get support response.
 

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
This is a point we all complained, but i can understand the reason: trial = test by people who may not understand the mechanism and then the issue = support team under avalanche of complain/tickets = bad publicity + waste of resources.
Many corporate vendors does the same, and i'm not found of it, but i'm not their CEO so...
so people have to "trust" to a certain extent what we say about it; not the best way , i know :D


I don't want bash corporate admins, i was one but many have very limited knowledge about security, i have seen horrific stuff, many have the "home user" mindset type. And many don't even knows about security forums.
So finding an admin here using AG on 100+ workstations won't be easy. :p
From what i know, the difference with Enterprise and Home version is that the ENT is managed via a console and it has some features removed, the rest is similar, i would say it is even easier to use and easier to get support response.

Well stated! Agreed with everything (except the "many corporate vendors do the same" part, as i can't remember i met one without a trial, possibly because i always searched for trials) :)
Thanks guys!
 
Last edited:
  • Like
Reactions: XhenEd
D

Deleted member 178

Well stated! Agreed with everything (except the "many corporate vendors do the same" part, as i can't remember i met one without a trial, possibly because i always searched for trials) :)
Thanks guys!
Cylance. You can't get a trial or even buy it if you are a home user, you must pass by a special reseller, even then you must buy it and get a refund if not satisfied.
I know i can buy AG eyes closed because i tested it before their marketing shift, but i can understand a newcomer having issues with it.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
And the true Enterprise specific Security firms will opt instead for an on facility Demo like ClearSwift or a web based thingy like Palo Alto.
Exactly, and seeing the business he professes to be in, I am stunned he does not know this.
These are some of the first realities you are exposed to in that line of work.
Oh well to each his own I guess.
Thanks Sis.
 

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
And the true Enterprise specific Security firms will opt instead for an on facility Demo like ClearSwift or a web based thingy like Palo Alto.

That's the step for executive people, they want to see for themselves what they are investing their money in, to negotiate and to intimidate in many cases.

The step before this is the IT department's research. Anyone who skips this step is because somebody from the product's staff knows somebody from the executive staff of the buying corporation and pushes the product downwards in the hierarchy.
 
  • Like
Reactions: XhenEd

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
Exactly, and seeing the business he professes to be in, I am stunned he does not know this.
These are some of the first realities you are exposed to in that line of work.
Oh well to each his own I guess.
Thanks Sis.

Please don't judge before you know all the facts.
 
  • Like
Reactions: XhenEd

Amelith Nargothrond

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 22, 2017
587
I will not debate on this topic anymore. I asked a question about a product, got my answers (more or less), i understand why i will not get any more on the topic, got other opinions as well (some off topic), people shared their experiences as well, good. I'm not the enemy of anybody. IT people are difficult and in many cases (me included) and often they don't change their minds until they hit the wall. I didn't, yet, with my methods, my experience and my thinking, may that be good, bad or apocalyptic.

Thank you again for you input!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top