DNS security firm's AppAware identifies risky apps and helps to subdue them. Credit: Dimitris66 / Getty Images A new list of high-risk applications commonly used in the enterprise and an offering to block their use has been released by a domain name security company. DNSFilter posted the list of more than 100 risky apps to its website February 17. At the same time, it announced AppAware, which gives organizations the power to block the apps and includes high-profile file-sharing, remote desktop, and messaging programs.Among the apps on the list were Facebook Messenger, Slack, Snapchat, RemotePC, TeamViewer, Box, Dropbox, and NordVPN. “We’re trying to shed some light on what is happening on an organization’s network and the devices that its employees are using,” said DNSFilter Product Manager Mikey Pruitt. “Our new feature allows for the discovery of what applications are being used. They could be on a personal device or a network or anything making DNS queries.”70% of all cyberattacks involve the Domain Name SystemIn a news release, DNSFilter said that 70% of all cyberattacks involve the Domain Name system. A single app can use hundreds to thousands of domains. That makes them difficult for security teams to monitor and ripe for exploitation by cyber attackers.With AppAware, the company maintains, security teams can obtain visibility in real-time of application activity across an entire organization and have the power to block applications that don’t align with internal policies. Risky apps or groups of them, along with all their associated domains, can be blocked with a single click. Many of the risky apps identified by DNSFilter are part of a range of software associated with shadow IT. “Shadow IT is becoming more pervasive in the industry, especially with people working remotely,” Pruitt says, “but the applications we’re tackling first are not solely shadow IT. We’re focusing on security applications, applications used in attacks or have accelerated permissions in an environment.”Accept but guide Shadow ITPruitt says that employees or departments turn to shadow IT because they feel it makes them more productive. Meanwhile, IT wants employees to work in a secure manner. “A balance needs to be struck,” he says. “We’re trying to enable the applications necessary to get the job done, while restricting applications or parts of applications that are not necessary.” Charles Betz, a principal analyst, with Forrester Research, maintains that there’s no governance regime that will stop Shadow IT. “The most advisable thing is to accept that shadow IT is a reality and seek to guide it, control it, and direct it, rather than assume you’re going to stop it,” he says. “Big IT shops have been trying to do that for decades, and they’ve failed.” Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe