Application whitelisting has been listed by the Australian Signals Directorate as the most effective strategy in mitigating cyber security threats. Despite this, organisations are often oblivious to the value of application whitelisting, or reticent to go through the process of adopting it. While it may not be a panacea to protecting your digital assets, well-executed application whitelisting in the hands of a skilled IT consultancy will provide a robust defence against ever-changing cyber attacks.
How Does It Work?
Application whitelisting is a security method that protects an organisation from unauthorised code executing on their network. In simple terms, a program is used to create a ‘whitelist’ of approved applications; no applications other than those on the whitelist will run. By ensuring that only authorised programs can be executed, the threat of infection from ransomware is mitigated and the system operator can maintain complete control.
The alternative method of application blacklisting is somewhat looser in practice, as it only prevents known ‘blacklisted’ applications from executing on a system. The ever-changing nature of malware attacks mean that blacklists require constant updating and do not allow for zero-day threats (exploits that software vendors do not know about but hackers do, and for which patches have not been created).
Why Don’t More Organisations Adopt Application Whitelisting?
A common view of application whitelisting is that it is too complex to implement efficiently at an organisational level. In the past this may have been true, with cumbersome manual lock-down processes applied at all levels of an organisation, but new programs allow for greater flexibility. By employing an IT consultancy to apply an intelligent whitelisting solution, your organisation can enjoy the security advantages without having employee workflow stifled by overbearing security measures.
Computer One utilises a centrally managed program in McAfee Application Control to protect client businesses.
McAfee Application Control
McAfee Application Control is a scalable and efficient program that allows organisations to mitigate cyber intrusions that use executable files. The program uses intelligent whitelisting to offer three options for users when it comes to software execution.
‘Default Deny’ only allows use of software based on a whitelist, while ‘Detect and Deny’ lets you run software based on reputation verification from a separate McAfee service and ‘Verify and Deny’ allows programs to be verified based on sandbox testing. This ensures the highest standard of security without compromising day-to-day efficiency for employees.
A Computer One client in the transport and logistics category had this to say on the introduction of intelligent whitelisting into their network.
“Since commencement, we have noted a marked decrease in the instances of ransomware that have been able to affect our system. It has saved us days of recovery time across multiple cases.”
For more information on our application whitelisting services, get in contact today.