In any given business, you could have hundreds, maybe even thousands of applications. Even if you are just getting started, it’s likely you have a handful of applications. However, as unique as applications can be, they tend to share some similarities.
For example, you might have applications that process or store sensitive information, maybe even personally identifiable information for your users. Since attacks are often aimed at these types of applications, you will definitely want to make sure your policies that identify high and critical threat security vulnerabilities are included during the evaluation of these types of applications.
Unfortunately, especially as the number of applications in your business increases, identifying an application by name may not be helpful. To address this, application categories provide a way to quickly identify characteristics of an application.
Using specific text and color, an application category can help group particular applications with similar attributes. While an application category can ultimately be anything you want, and attached to any application, you will want to take a much more thought-out approach, similar to what is recommended for labels.
As we will see later, in order to maximize the benefits application categories can offer, you will want to take advantage of category matching between policies and applications. For now though, let’s see how to create, edit, delete, and apply application categories.
Application categories are created, edited, and deleted at the organization level and then assigned individually to each application.
To create an application category:
In the New Application Category dialog, set the following attributes:
To edit an application category:
In the Edit Application Category dialog, you can change the following attributes:
To delete an application category:
In the Edit Application Category dialog, click the Delete Application Category button. A Delete Category alert dialog is displayed. If there are applications assigned to the application category, they will be listed.
When you delete an application category, the action cannot be undone.
You cannot delete an application category that’s used in a policy to affect policy inheritance. You must first remove the application category from the policy, and then delete the application category.
In most cases, the people assigning application categories may be different from those creating them. It is important though to understand that while application categories are provided to identify characteristics of an application, a more important usage is to provide a way for policy managers to create specific policies that consider those application characteristics. For this reason, when assigning an application category, your application may be evaluated by a specific set of policies. This is a good thing, but it also makes the use of application categories an act that requires careful consideration.
To assign an application category to an application:
There must be at least one application category defined before you can assign any application categories. For more information, see Creating Application Categories earlier in this chapter.
Once application categories are created and assigned, you can use them to apply policies to a subset of applications in an organization through inheritance. For more information about policy inheritance and application categories, see the Basic Policy Management chapter.