New Application Whitelisting Approaches Offer Simplified Security
Malware. It’s the topic of near-daily news articles.
Indeed, new studies show malware continues to proliferate on social networks and search engines. By some counts, the number of malware-infected sites has doubled since last year. Malware creation is increasing…and the studies go on and on.
Enterprises can combat malware, in part, with application whitelisting. Also known as application control, whitelisting is one of the original security models. Rather than keeping up with a growing list of known malware and targeted attacks, application whitelisting can block the unknown and give employees the freedom to check e-mail or surf the Internet without fear of spreading viruses across the organization.
There are many cases for application whitelisting, but when is the best time to deploy it? One tactical time to introduce application whitelisting is when the organization is shifting its endpoint computing strategy.
“Many organizations, when deploying Windows 7, have used this operating system upgrade as the opportunity to introduce application whitelisting,” says Tom Murphy, Chief Strategy Officer at enterprise application whitelisting firm Bit9. “IT staff wants to keep the overall Windows 7 build clean from rogue and malicious software that has plagued the environment in the past. Application whitelisting will prevent this sort of issue from occurring again.”
Layers of Security Benefits
Oftentimes, security professionals talk about layers of protection. Application whitelisting offers layers of benefits that more businesses are considering in order to bridge the endpoint protection gap in the face of targeted malware attacks.
Evelyn de Souza, senior manager of Risk and Compliance marketing at McAfee, puts it this way: application whitelisting gives enterprises active control.
“Organizations gain flexibility and efficiency in allowing needed applications, while protecting your systems against risky changes in the applications themselves,” she says. “Innovations like dynamic whitelisting based on trust, memory protection and standalone operation enable organizations to secure systems as small as portable imaging devices and as large as datacenter workhorses.”
As Murphy sees it, the security industry can no longer rely on “known bad” as the criterion for preventing malware. That, he says, is because the volume of malware is growing faster than the industry’s ability to identify it—and threat research labs are only seeing a subset of what is now being used by cybercriminals.
“Application whitelisting removes the dependency on trying to keep pace with malware to managing what is trusted,” Murphy says. “Managing the applications you want running in your network and the sources of trusted software is like managing the employees who have access to your building. The list is constantly changing, but managing a list of who you want in the building is much easier than managing a list of who should not be in the building.”
Paul Paget, CEO of application whitelisting solution provider Savant Protection, says perhaps the biggest whitelisting benefit is the ability to personalize whitelists for each individual computer. With IT installing so many tools on desktops—and with others in the organization sending files that require additional software downloads or plug-ins to view—computers can fall prey to malware. He says, “Personal whitelists can stop malware, viruses and Trojans and ensure they can’t propagate across an organization.”
Overcoming Dated Misperceptions
For all the benefits of application whitelisting, some common misperceptions still thwart enterprise adoption. Some assume, for example, that there is a “whitelist” of trusted, approved applications. But Murphy says that if every application, and every file related to that application, needed to be “on the list” prior to installation, the approach could only be viable for static computers.
“The real and required approach to application whitelisting is to have adaptive software approval policies that allow trust based on a wide variety of attributes relative to the software, such as the installing user, source directory, parent process, and publisher,” Murphy says. “These attributes allow updates, new versions, patches, and even completely new applications to install without intervention from IT staff or the end user.”
Indeed, newer approaches to application whitelisting remove the administrative burden because each new application or legitimate exception does not require an approval process and a manual change to the database of authorized software.
“With a trust model, an authorized administrator defines trusted update sources, including authorized users, application publishers and file servers,” de Souza says. “This dynamic whitelisting model is simple, effective, involves no list management and scales very well in large enterprises.”
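The contrast between a static list and the attribute-based trust model described above, as an added Python example (not code from the article or from any vendor quoted in it). Every name, hash label, path and policy value is a constructed assumption; the attributes checked are the ones the article names.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

@dataclass(frozen=True)
class ExecRequest:
    sha256: str
    publisher: Optional[str]  # verified signer name; None when unsigned
    installing_user: str
    source_dir: str
    parent_process: str

# All policy values below are constructed for illustration.
STATIC_LIST = {"hash-of-viewer-1.0"}
TRUSTED_PUBLISHERS = {"Example Software Corp"}
TRUSTED_USERS = {"svc-deploy"}
TRUSTED_PARENTS = {"viewer-updater.exe"}
TRUSTED_DIRS = [PureWindowsPath(r"\\fileserver\software\approved")]

def static_allows(req):
    """Classic model: only exact, pre-approved file hashes may run."""
    return req.sha256 in STATIC_LIST

def trust_reasons(req):
    """Adaptive model: list every attribute that grants trust (empty = block)."""
    reasons = []
    if req.sha256 in STATIC_LIST:
        reasons.append("hash")
    if req.publisher in TRUSTED_PUBLISHERS:
        reasons.append("publisher")
    if req.installing_user in TRUSTED_USERS:
        reasons.append("installing_user")
    if req.parent_process.lower() in TRUSTED_PARENTS:
        reasons.append("parent_process")
    # Path containment, not string prefix: "approved_tmp" must not match "approved".
    src = PureWindowsPath(req.source_dir)
    if any(src == d or d in src.parents for d in TRUSTED_DIRS):
        reasons.append("source_dir")
    return reasons

# Constructed sample requests.
V1 = ExecRequest("hash-of-viewer-1.0", "Example Software Corp", "alice", r"C:\Program Files\Viewer", "explorer.exe")
V2_PATCH = ExecRequest("hash-of-viewer-1.1", "Example Software Corp", "alice", r"C:\Program Files\Viewer", "viewer-updater.exe")
SHARE_TOOL = ExecRequest("hash-of-tool", None, "bob", r"\\fileserver\software\approved\tools", "explorer.exe")
LOOKALIKE = ExecRequest("hash-of-x", None, "bob", r"\\fileserver\software\approved_tmp", "explorer.exe")
UNKNOWN = ExecRequest("hash-of-unknown", None, "bob", r"C:\Users\bob\Downloads", "browser.exe")

if __name__ == "__main__":
    for name, req in [("v1", V1), ("v2 patch", V2_PATCH), ("share tool", SHARE_TOOL),
                      ("lookalike dir", LOOKALIKE), ("unknown", UNKNOWN)]:
        print(f"{name:14} static={static_allows(req)!s:5} trust={trust_reasons(req) or 'BLOCK'}")
```

Returning the attribute that granted trust, rather than a bare yes or no, lets each allow decision be logged and reviewed, which matters because every trusted user, parent process or directory widens what can run.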