The Vendor is required to provide and implement an enterprise-wide application to prevent unauthorized application installation and execution, reduce malware and ransomware risk, and enforce granular control over application behavior and user privileges.
- Objectives
• Enforce deny-by-default application execution policies across all endpoints.
• Automate discovery, profiling, and allowlisting of applications.
• Provide monthly scanning and reporting of application inventory.
• Detect and manage unauthorized plug-ins and extensions across:
  • Browsers (Chrome, Edge, Firefox)
  • IDEs (Visual Studio, RStudio, Python IDEs)
  • Kubernetes and Tanzu environments
• Enable granular control of applications and extensions.
• Provide centralized policy management with real-time propagation.
• Ensure minimal disruption to end users and IT operations.
• Integrate with existing security tools (Microsoft Intune, Defender for Endpoint, Entra ID, and Purview) and automated workflows.
- Core Capabilities
• Application allowlisting with deny-by-default enforcement.
• Ring-fencing to restrict application permissions and prevent unauthorized actions such as macro, PowerShell or CMD executions.
• Detect and report unauthorized software, browser extensions, and IDE plug-ins (e.g., Visual Studio, RStudio, Python IDEs), and prevent profile synchronization between personal accounts and business accounts.
• Monitor and control integrations with Kubernetes and Tanzu environments, which may not pertain to the production environment, but may apply to endpoints running local containers or virtual machines (VMs).
• Elevation control to manage admin privileges at the application level.
• Configuration management for enforcing security baselines.
• Block all application executables from any source (e.g., USB, network shares, cloud storage).
• Policy simulation to test deny rules before enforcement.
• Patch management to integrate with SCCM, Intune, or Patch My PC.
• Sandbox testing for new or unverified applications.
• Real-time policy propagation.
- Platform Requirements
• Support for Windows 10+, Server 2012+, macOS, Linux, iOS and Android.
• Centralized dashboard for device and application telemetry and compliance.
• Unified management console with dynamic policy allocation.
• Automated policy updates based on threat intelligence feeds.