👨‍⚖️ Governance & Policies
Learn about ExtensionTotal governance and policies
Introduction
Policies in ExtensionTotal provide a powerful way to control and manage the installation and usage of third-party extensions within your corporate environments. Policies allow security teams and administrators to enforce rules, prevent risky extensions from being used, and ensure compliance with security best practices. By leveraging policies, you can maintain safe, secure, and compliant environments without hindering employee productivity.
What are Policies?
Policies in ExtensionTotal are rules that define what actions should be taken when certain conditions are met. These policies help ensure that extensions being installed or used within your organization adhere to your security and governance requirements. By configuring policies, you can automate actions such as alerting, removing, or blocking extensions based on specific criteria like risk levels, security findings, publisher information or many other attributes.
Key Features of Policies:
- Automation: Automatically monitor and manage extension installation and usage.
- Customization: Tailor policies to your organization’s unique security requirements.
- Compliance: Ensure that your environments comply with security standards and regulations.
How to Create Policies
Creating policies in ExtensionTotal is straightforward. Follow these steps to create and configure a new policy:
- Access the Governance Page:
  Navigate to the “Governance” page in your ExtensionTotal dashboard.
- Click on “Create New Policy”:
  This will open the policy creation modal, where you can define the parameters of the policy.
- Define Policy Parameters:
  - Policy Name: Give the policy a clear and descriptive name.
  - Description: Provide details about what this policy is meant to accomplish.
  - If extension matches: Set the filter with the conditions that trigger the policy.
  - Then: Specify what happens when the policy is triggered. Actions include Block or Remediate, Allow and Approve, or Send Alert.
  - Immediate Impact: For the Block and Remediate policy, you can perform an Impact Check to identify which extensions will be impacted and remediated in advance.
- Save and Apply:
  Once you’ve configured the policy, click “Save” to apply it. The policy will now be active and enforceable across your environment.
Blocklist vs Allowlist Approach
In ExtensionTotal, policies can be managed using two approaches: Blocklist and Allowlist. Each offers a different level of control over which extensions can be installed.
Blocklist Approach
A Blocklist blocks specific extensions you deem risky or malicious, allowing everything else. This approach offers flexibility for employees while targeting known threats.
- Benefits: Employees can install any extension not on the blocklist, while security focuses on preventing known risks.
- Use Case: Block extensions with a high-risk score or those from unverified publishers.
Allowlist Approach
An Allowlist allows only pre-approved extensions, blocking everything else. This provides tighter security but less flexibility for employees.
- Benefits: Ensures only trusted, vetted extensions are installed, reducing overall risk.
- Use Case: Allow only extensions from verified publishers or those required for justified use cases.
Choosing an Approach
- Blocklist: Best for flexible environments, blocking only known risks.
- Allowlist: Ideal for high-security environments where only pre-approved extensions are allowed.
Switching to Allowlist
By default, ExtensionTotal operates in block mode. Switching to allowlist mode requires administrator approval for any new extension installations. To ensure a smooth transition, all existing extensions will be automatically pre-approved and remain functional. These pre-approved extensions can still be installed on new devices, and any existing block policies will be removed.
To switch to allowlist mode:
- Navigate to the Governance Mode section.
- Click the Switch to Allowlist button.
- A confirmation dialog will appear. Click Enable Allowlist Mode to confirm the change.
Once in allowlist mode:
- Any new extension requests will appear on the Approvals page for admin review.
- The extension request form is accessible from the top bar of the Approvals page under Share with your team.
Recommended Policy Recipes
Here are some recommended policies that we advise implementing to strengthen your security posture:
- Block Malicious Activity Detected
  - Criteria: Extensions with either Malicious Activity Detected or Malicious By AI findings.
  - Action: Block and Remediate
  - Purpose: Proactively blocks and remediates all extensions when malicious activity is detected by ExtensionTotal analysis.
- Block Low Install Extensions
  - Criteria: Extensions with fewer than 5000 installs in the marketplace.
  - Action: Block and Remediate
  - Purpose: Low install counts strongly indicate low reputation and adoption, which are the primary indicators of malicious attempts.
- Block Themes with Code Execution and High Severity
  - Criteria: Extensions that are themes with high risk severity and the Theme Running Code finding.
  - Action: Block and Remediate
  - Purpose: Themes usually shouldn’t run code, but if they do, they should at least not be high severity.
- Uses AI Alert
  - Criteria: Extensions with the Uses AI finding.
  - Action: Send an alert to the security team.
  - Purpose: Ensure tracking of third-party AI usage in the organization.
- Block All (Allowlist approach)
  - Criteria: All extensions
  - Action: Block
  - Purpose: Ensure every new extension goes through the approval process.
- Block Deprecated Extensions
  - Criteria: Extensions with the Deprecated Extension finding.
  - Action: Block and Remediate
  - Purpose: Prevent the use of extensions that are no longer maintained or supported.
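To see how these recipes interact before enabling them, the following added example (not ExtensionTotal code or its policy format) models them as match/action rules and runs an impact-check style dry run over a constructed inventory. The field names, the extension names, and the rule that a blocking policy outranks an alert are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Extension:
    name: str
    installs: int
    severity: str = "low"
    is_theme: bool = False
    findings: frozenset = frozenset()
    approved: bool = False  # only consulted in allowlist mode

BLOCK, ALERT, ALLOW = "Block and Remediate", "Send Alert", "Allow"

# Recipes from the list above as (name, "if extension matches", "then").
RECIPES = [
    ("Block Malicious Activity Detected",
     lambda e: bool(e.findings & {"Malicious Activity Detected", "Malicious By AI"}), BLOCK),
    ("Block Low Install Extensions", lambda e: e.installs < 5000, BLOCK),
    ("Block Themes with Code Execution and High Severity",
     lambda e: e.is_theme and e.severity == "high"
     and "Theme Running Code" in e.findings, BLOCK),
    ("Block Deprecated Extensions", lambda e: "Deprecated Extension" in e.findings, BLOCK),
    ("Uses AI Alert", lambda e: "Uses AI" in e.findings, ALERT),
]

def evaluate(ext, mode="blocklist"):
    """Return (action, matching policy names) for one extension."""
    if mode == "allowlist":  # Block All recipe: only approved extensions pass
        return (ALLOW, ["Approved"]) if ext.approved else ("Block", ["Block All"])
    hits = [(name, action) for name, match, action in RECIPES if match(ext)]
    names = [name for name, _ in hits]
    # Assumption: a blocking policy outranks an alert when both match.
    for action in (BLOCK, ALERT):
        if any(a == action for _, a in hits):
            return action, names
    return ALLOW, []  # blocklist default: anything unmatched is allowed

def impact_check(inventory, mode="blocklist"):
    """Dry run: extensions that would be blocked, with the policies responsible."""
    result = {}
    for ext in inventory:
        action, names = evaluate(ext, mode)
        if action.startswith("Block"):
            result[ext.name] = names
    return result

# Constructed inventory; names, counts and findings are invented for illustration.
INVENTORY = [
    Extension("corp.git-tools", 5_000_000, approved=True),
    Extension("acme.sql-helper", 2_000_000, findings=frozenset({"Uses AI"})),
    Extension("neon.dark-theme", 40_000, "high", True, frozenset({"Theme Running Code"})),
    Extension("tiny.formatter", 312, findings=frozenset({"Uses AI"})),
    Extension("old.linter", 900_000, findings=frozenset({"Deprecated Extension"})),
]
```

Comparing `impact_check(INVENTORY)` with `impact_check(INVENTORY, "allowlist")` shows the difference between the two approaches: the first blocks only the three extensions that match a blocking recipe, the second blocks everything that has not been approved.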