Conventional wisdom has shown there’s a short line between a company’s highest point of risk, its employees, and a compromise.
Unsanctioned, or shadow, applications are apps that haven’t been cleared by a company’s information security team. On employee machines, these apps have long been a popular attack vector for saboteurs and employees looking to leak data.
While risky insiders have increasingly taken to using legitimate, hard-to-detect tools already installed on the endpoint (such as PowerShell, WMI and Cmd.exe) to hijack machines with malware, there’s no shortage of seemingly benign apps that can evade detection, exfiltrate data and jeopardize an organization.