Informational Series

What is Whitelisting?


Featured eBook

Application Control for Dummies

Application control helps you handle the ever-increasing number of threats to computers and devices on a corporate network. As security threats and malware have evolved, so too has the need for technologies like application control. Gone are the days when malware might redirect the user’s search engine. Now, targeted attacks are common, and attackers make a living from finding and exploiting vulnerabilities.


Let’s Define Whitelisting


Application whitelisting, or application control, is a security capability that significantly reduces malware and other harmful security attacks by allowing only approved and trusted files, applications, and processes to be installed and run on a system.

To block unauthorized activities that could potentially initiate a harmful attack, companies are using application whitelisting, or application control, to strengthen their perimeter security. Whitelisting identifies known files, applications, or processes and allows them to execute. Conversely, unknown activities are blocked or restricted, which prevents them from running and spreading within a system or environment as part of an attack.

Some companies review the blocked files manually to approve usage or remediate where necessary. However, advanced endpoint security solutions can execute whitelisting processes automatically through software controls and protection policies that completely lock down and secure corporate assets, intellectual property, and regulated data. These solutions reduce downtime by automating the approval of trusted software and eliminating the need for whitelist management.

 


What makes a rootkit so dangerous?

In this episode of "The 101" we learn more about a malware type that is widely regarded as the most dangerous type out there: rootkits. Now that’s a bold statement, so in order to understand why that is, today we ask: “What makes a rootkit so dangerous?”


How Effective Is Whitelisting?


While whitelisting is being touted as a security essential (see the Industry Pulse below), it is only one of many tools that together provide complete and comprehensive endpoint security.

When it is combined with other advanced techniques like behavioral analysis and machine learning, whitelisting is a significant contributor to blocking and preventing malicious attacks.

As an example, NSS Labs, an independent organization that provides cybersecurity guidance, tested Advanced Endpoint Protection (AEP) products to determine their effectiveness. The goal of the test was to validate the proactive blocking and active detection capabilities for known and unknown threats.

As seen in the company’s 2017 Security Value Map for Advanced Endpoint Protection, NSS Labs’ test proved that it is possible to use tools like whitelisting and other endpoint security capabilities to stop 100% of the attacks.


Industry Pulse: Whitelisting as a Core Security Strategy


Security experts have called whitelisting a must-have, foundational security strategy that has the ability to stop nefarious attacks such as ransomware.


In fact, an article on CSO suggests that real-time whitelisting based on recommendations, reputation scores, and other data can theoretically “offer the promise of nearly-perfect endpoint security with very low management overhead.”

Help Net Security recently shared a similar perspective from a senior security and privacy Gartner analyst, Neil MacDonald, on how whitelisting can be used to block malicious attacks. “To lessen the risk of future attacks against vulnerabilities of all types, we have long advocated the use of application control and whitelisting on servers,” says MacDonald. “If you haven’t done so already, now is the time to apply a default deny mindset to server workload protection – whether those workloads are physical, virtual, public cloud or container-based. This should become a standard practice and a priority for all security and risk management leaders in 2018.”

Phil Hagen, a digital forensic and incident response (DFIR) strategist at security solutions company Red Canary, agrees with MacDonald. In a recent blog, Hagen notes that “application control solutions like that offered by our partner Carbon Black are absolutely the single most meaningful step toward prevention that an organization can take. This methodology ensures that only a list of approved binaries can run on the systems within an enterprise. Whether the phishing payload is garden-variety ransomware or highly-targeted custom malware, the price of becoming a victim generally reaches far beyond that of deploying and maintaining a whitelisting solution.”


The Answer: Real-Time Dynamic Whitelisting


In today’s high-risk cyber world, it’s critical to have a complete endpoint security solution that includes whitelisting so that sensitive data is continually protected. Based on strict policies of allowable activities, whitelisting and application control allow for critical system lockdowns in real time that automatically prevent all untrusted files, applications, and processes from executing. With these sophisticated capabilities, companies can:

  • Stop attacks by allowing only approved software to run

  • Automate software approvals and updates via IT and cloud-driven policies

  • Prevent unwanted change to system configuration at the kernel and user mode levels

  • Power device control and file integrity monitoring and control (FIM/FIC) capabilities

  • Meet IT risk and audit controls across major regulatory mandates
