How to Harden your VBR server with AppLocker


Iams3le

AppLocker, on the other hand, relies on static rules that may not adapt well to changing circumstances. You could also leverage the recent introduction in VBR 12.2 to ensure RBAC as shown below.


Microsoft AppLocker itself is not a Zero Trust principle; it can be part of a broader security strategy that aligns with and achieves Zero Trust principles. AppLocker helps control which applications are allowed to run on Windows devices by defining rules based on file paths, digital signatures, and other criteria.


You may want to utilize third-party tools like ThreatLocker and PolicyPak as they come with intuitive dashboards and advanced logging/monitoring capabilities that make it easier to track policy enforcement and application behavior. AppLocker’s monitoring is less robust and may require third-party tools to get comprehensive visibility into policy violations.


By using AppLocker, organisations can limit user access to only authorised applications, which aligns with the least privilege access principle of Zero Trust, thereby helping to improve application control management.


Veeam has done a very good job by suggesting that we place Veeam Backup and Replication in a management Domain or Workgroup. This in itself complies with the principle of least privilege.

 

Also, when a hacker fakes credentials to get on your VBR Server, they should not be able to install tools or perform lateral movement to other parts of the network, because they do not have the proper access privileges and are not part of the domain. This makes it easier to quarantine the problem.

In the context of Veeam Backup & Replication, placing it in a management domain or workgroup aligns with this principle.

 

Kindly take a look at this article for more theoretical concepts and implementation steps: https://techdirectarchive.com/2024/09/07/harden-your-veeam-backup-server-with-microsoft-applocker/

 

Note: AppLocker doesn’t replace your antivirus software; instead, it works alongside it to help prevent the execution of unauthorised applications.

While antivirus detects and removes malicious software, AppLocker strengthens your security by blocking unwanted or unapproved applications from running in the first place. Together, they provide a more comprehensive defense against threats.

Lastly, do not forget to keep the AppLocker rules up to date, especially when using “file hash”: whenever there are updates or new versions of Veeam, review and update the rules as needed.
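
The following is an added example, not part of the original post: one way to check after a Veeam update whether the installed binaries are still allowed by the effective AppLocker policy, which is where stale file-hash rules show up. The install path, the `Everyone` test principal and the function name `Get-VeeamAppLockerDrift` are assumptions; adjust them to your server.

```powershell
# Added example: find Veeam binaries that the effective AppLocker policy no longer allows.
# Assumption: default-style install root; change to match your VBR server.
$VeeamRoot = 'C:\Program Files\Veeam'

function Get-VeeamAppLockerDrift {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Assumption: rules are scoped to Everyone; use the group your rules target.
        [string] $User = 'Everyone'
    )

    # Effective policy = local policy merged with any policy delivered by GPO.
    $policy = Get-AppLockerPolicy -Effective

    # Collect the file types AppLocker rule collections cover (EXE, DLL, MSI, script).
    $files = Get-ChildItem -Path $Root -Recurse -File `
                 -Include *.exe, *.dll, *.msi, *.ps1 -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty FullName
    if (-not $files) { return @() }

    # Evaluate every file against the policy and keep anything not explicitly allowed.
    # PolicyDecision is Allowed, Denied or DeniedByDefault (no rule matched).
    $blocked = Test-AppLockerPolicy -PolicyObject $policy -Path $files -User $User |
               Where-Object { $_.PolicyDecision -ne 'Allowed' }

    foreach ($item in $blocked) {
        # Pull publisher and hash so you can decide how to refresh the rule:
        # a signed file can move to a publisher rule, an unsigned one needs a new hash.
        $info = Get-AppLockerFileInformation -Path $item.FilePath
        [pscustomobject]@{
            FilePath       = $item.FilePath
            PolicyDecision = $item.PolicyDecision
            MatchingRule   = $item.MatchingRule
            Publisher      = $info.Publisher
            Hash           = $info.Hash
        }
    }
}

# An empty result means every binary under the root is still covered by an allow rule.
Get-VeeamAppLockerDrift -Root $VeeamRoot | Format-Table -AutoSize -Wrap
```

Files reported as `DeniedByDefault` after an upgrade are typically ones whose hash changed; files with a populated `Publisher` are candidates for a publisher rule, which survives version updates.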

4 comments

Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8402 comments
  • September 7, 2024

Interesting concept with AppLocker.  Great share. 👍


Iams3le
  • Author
  • Veeam Legend
  • 1374 comments
  • September 7, 2024
Chris.Childerhose wrote:

Interesting concept with AppLocker.  Great share. 👍

… yeah. In the next articles, I will be leveraging “Windows Defender Application Control (WDAC)” for a similar concept.


  • New Here
  • 6 comments
  • September 8, 2024
Iams3le wrote:
Chris.Childerhose wrote:

Interesting concept with AppLocker.  Great share. 👍

… yeah. In the next articles, I will be leveraging “Windows Defender Application Control (WDAC)” for a similar concept.

Very interesting. Many thanks for sharing. Looking forward to the article with “Windows Defender Application Control (WDAC)” concept. 


Iams3le
  • Author
  • Veeam Legend
  • 1374 comments
  • September 8, 2024
Meitantei wrote:
Iams3le wrote:
Chris.Childerhose wrote:

Interesting concept with AppLocker.  Great share. 👍

… yeah. In the next articles, I will be leveraging “Windows Defender Application Control (WDAC)” for a similar concept.

Very interesting. Many thanks for sharing. Looking forward to the article with “Windows Defender Application Control (WDAC)” concept. 

Thank you @Meitantei, will surely share with the community because Microsoft continuously improves WDAC, unlike AppLocker.
