Understanding Application Whitelisting

What is Application Whitelisting and Why is it Important?

Application whitelisting is a security approach in which only designated applications can run on a system. This “safety first” approach works well, but it is better suited to some situations than others. It contrasts with a blacklisting approach, where any application can run unless specifically blocked.

While different security tools work slightly differently, application whitelisting most commonly applies either to a specific device or to a network, such as the connected machines in an office or across an organization. In a more technical context, application whitelisting could cover applications running on a remote server or virtual machines.

Many security tools use a blacklisting approach that blocks specific applications from running. In principle, it’s simpler to operate, but it leaves you open to risks from malicious applications that you either didn’t think about or don’t know about. With whitelisting, nothing is allowed to run unless it’s on the approved list, working a little like a strictly enforced guest list at an event.

The whitelisting approach brings three significant benefits. First, it reduces the risk of attackers accessing your system remotely and installing and then running malware. Second, it mitigates the risk of your staff downloading and running compromised software, either intentionally or when scammed by a bogus email or link or a hijacked website. Third, it has a non-security benefit: you can stop staff from downloading and running applications for purposes other than work.

The major drawback of whitelisting is that it takes extra time and trouble to compile the list of approved applications. You’ll need to work out all of your needs before producing the list. It could also cause a delay if staff need to obtain and use a new application: they’ll have to get approval and wait for the whitelist to be updated.

Many professional security solutions minimize this hassle by including pre-set lists of approved applications. These are usually well-known applications that are recognized as legitimate and safe. Some lists relate specifically to applications used in a particular industry.

Different security solutions use different approaches to check whether an application is on the whitelist. Some solutions are as simple as checking that the file name and file size match the details on the list. Others are more rigorous, for example, checking a digital signature or cryptographic hash that shows the content of the application files has not been tampered with.
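The difference between the two kinds of check described above can be seen in a short Python sketch. This is an added example, not code from any whitelisting product; the file names, file contents and the `allowlist` layout are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash the file in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_entry(path):
    """Record what an administrator would store when approving a file."""
    return {"size": os.path.getsize(path), "sha256": sha256_of(path)}


def allowed_by_name_and_size(path, allowlist):
    entry = allowlist.get(os.path.basename(path))
    return entry is not None and entry["size"] == os.path.getsize(path)


def allowed_by_hash(path, allowlist):
    entry = allowlist.get(os.path.basename(path))
    return entry is not None and entry["sha256"] == sha256_of(path)


def write_file(directory, name, data):
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Return (name+size verdict, hash verdict) for three constructed files."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample data: same name and length, different content.
        original = write_file(os.path.join(root, "approved"), "report_tool.bin", b"constructed build 1.0 AAAA")
        modified = write_file(os.path.join(root, "dropped"), "report_tool.bin", b"constructed build 1.0 BBBB")
        unlisted = write_file(os.path.join(root, "dropped"), "other_tool.bin", b"constructed unlisted file")
        allowlist = {"report_tool.bin": build_entry(original)}
        files = (("original", original), ("modified", modified), ("unlisted", unlisted))
        return {label: (allowed_by_name_and_size(p, allowlist), allowed_by_hash(p, allowlist))
                for label, p in files}


if __name__ == "__main__":
    for label, verdicts in demo().items():
        print(label, verdicts)
```

The modified file keeps the approved name and size, so the simple check accepts it, while the hash check rejects it because its content differs from what was approved.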

Some whitelisting tools come with additional features. These can include logging any occasions when they block software and/or giving a real-time alert that could make it easier to detect a breach.

Another feature to look for is version control. This will let specific versions of an application run while blocking older and outdated versions. That’s particularly useful for software that receives security updates and for cases where older versions eventually become unsupported and more vulnerable to attacks.

CPI Solutions can advise on a range of whitelisting technologies and whether they are a good fit for your setup. Contact us today for more details.
