Stopping malware: Application Whitelisting

Stopping malware: Application Whitelisting

Graeme Wilson May 04, 2016 Digital Strategy, Security, Sentrian One

Application whitelisting is a powerful and effective weapon in the fight against malware. Few other tactics compare to the secure environment it enables. With malware and ransomware attacks becoming more complex, it is a heavy-handed security tactic gaining popularity.

How it works

Let's compare application whitelisting to something familiar – antivirus software. At its most basic, a traditional antivirus is by comparison a blacklisting program. It is unobtrusive as it tries to find and block suspicious apps from running on your PC. Whitelisting takes a more direct approach.

Whitelisting only allows authorised apps to run. Meaning your IT service has to explicitly allow programs and their updates before a user can open them. There are many specific solutions available, including Microsoft's own AppLocker program. These form part of a broader security policy.

Businesses with effective whitelisting policies can be regarded as being highly secure, particularly compared those without it.

Benefits and drawbacks

Application whitelisting has a range of benefits, some of which are not as obvious as others. Whitelisting prevents users from installing unnecessary, poorly coded and bandwidth consuming applications. This ensures long-term stability on both their workstations and the business network. Furthermore, it means a reduced likelihood of IT problems due to rogue software.

However, the one big flaw in choosing an application whitelisting approach is that it's incredibly resource intensive. By nature, everything must be approved. There currently may be many workstations in your office running hundreds or thousands of programs. On top on this, each user may be running software at a different version level, depending on the security and feature updates they've installed. Finally each application needs to be tested before it is deployed. These variables quickly add up.

Can whitelisting work at my business?

Yes – it is a question of priorities and timing. If a totally secure environment is required, whitelisting is a necessary component. From here, your security configuration can be scaled to what is realistic considering your budget, time and data sensitivity.

A good time to consider deploying it, is when your business is replacing or purchasing new workstations. If you find your business is regularly subjected to malware attacks or wants a locked down and secure environment, these are also good opportunities to consider application whitelisting.

Of course preventing malware is more complex than one solution. A good backup goes along way in offering a fail-safe, with the benefit of peace-of-mind. Furthermore restricting workstation network access can help contain attacks and lower vulnerabilities.

Whitelisting is worth discussing whenever there is new investment in your IT hardware and/or security configuration. It certainly isn’t for every business – but if security is the priority, the option is available.

If you’re curious to know more about application whitelisting, other security methods, or to review your standard operating environment, contact your Sentrian Client Services Manager.

 

Recent Posts

New call-to-action

Subscribe to our Newsletter

SHARE THIS