By limiting the number and types of applications that are allowed to communicate on the network, administrators can reduce the number of vectors that attackers could use to access sensitive information and can block advanced malware attempting to communicate covertly.