Application Whitelisting Only Works Sometimes – CIOs Need To Know The Facts

by drjim on August 19, 2009

Application Whitelisting Offers CIOs Another Way To Protect Their Networks

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

What is Whitelisting?

The problem with trying to protect your company’s network is that the bad guys are always trying new and innovative things. In order to block them, you have to stay on top of what the latest attack vector is and install defenses against it throughout your network. This can be a real time waster – it’s critical to do, but it contributes nothing to the company’s bottom line.

Whitelisting applications takes the opposite approach to securing your network. Instead of trying to identify and block all of the bad malware variants that are trying to get into your network, whitelisting focuses on identifying all of the applications that SHOULD be allowed to access your network.

This of course means that you need to block everything that is not whitelisted. The theory is that all that malware that shows up will find the door to your network slammed shut on them.

Whitelisting Is Not For Everyone

In some enterprise IT environments, whitelisting is the wrong way to go. In these environments, using application whitelisting can actually drive up operational costs so high that things quickly get out of hand. Ill-suited IT environments are those in which workers need to be constantly installing new and changed applications on the fly in order to complete their tasks.

Where Whitelisting Works Well

That being said, there are IT environments in which application whitelisting works very well. These environments tend to be very static with very few application changes. A great example of this is call centers.

Another example where whitelisting has worked well is in the retail sector where cash register environments are very static and only need to be updated every six months. Some companies have discovered that they have been able to do away with anti-virus protection (and the associated cost of maintaining it) on those machines.
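The trade-off described in the sections above, as an added example that is not part of the original post: a default-deny whitelist stops a malware variant that a blacklist has never seen, but it also blocks every legitimate program that was not approved in advance. Identifying programs by SHA-256 hash, the file names, and all sample data are assumptions constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    """SHA-256 of a file's contents; identifying programs by hash is an assumption here."""
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for executable files.
APPROVED_IMAGE = {"pos.exe": b"pos v1", "printer.exe": b"printer v1"}
ALLOWLIST = {digest(b) for b in APPROVED_IMAGE.values()}  # everything else is denied
BLOCKLIST = {digest(b"worm variant A")}                   # only known-bad is denied

def allowlist_permits(data: bytes) -> bool:
    return digest(data) in ALLOWLIST

def blocklist_permits(data: bytes) -> bool:
    return digest(data) not in BLOCKLIST

def evaluate(requests):
    """requests: (name, file bytes, is_legitimate). Returns outcome counts."""
    out = {"malware_run_under_blocklist": 0,
           "malware_run_under_allowlist": 0,
           "legit_blocked_by_allowlist": 0}
    for _name, data, legit in requests:
        if not legit:
            out["malware_run_under_blocklist"] += blocklist_permits(data)
            out["malware_run_under_allowlist"] += allowlist_permits(data)
        elif not allowlist_permits(data):
            out["legit_blocked_by_allowlist"] += 1  # needs an IT change request
    return out

# Static environment: only the approved image plus one new malware variant.
CASH_REGISTER = [
    ("pos.exe", b"pos v1", True),
    ("printer.exe", b"printer v1", True),
    ("invoice.exe", b"worm variant B", False),
]
# Changing environment: workers install and update tools on the fly.
WORKSTATION = [
    ("pos.exe", b"pos v1", True),
    ("pos.exe", b"pos v2", True),  # vendor update, new hash
    ("report-tool.exe", b"report tool v1", True),
    ("plugin.exe", b"plugin v3", True),
    ("invoice.exe", b"worm variant B", False),
]

if __name__ == "__main__":
    print("cash register:", evaluate(CASH_REGISTER))
    print("workstation:  ", evaluate(WORKSTATION))
```

In both environments the unseen variant runs under the blacklist and is stopped by the whitelist; only the workstation generates blocked legitimate programs, which is where the operational cost comes from.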

Final Thoughts

The fight to secure the company’s network from the forces that would do bad things to it is never-ending for CIOs. However, this is not what CIOs should be spending their time on – there is not a bottom line benefit.

Whitelisting of applications provides yet another way to secure the firm’s network by taking a novel approach to security – don’t worry about identifying the bad guys, just worry about identifying the good guys.

Whitelisting won’t work for every environment, but in certain static IT environments it can work wonders. CIOs who can identify the right IT environments in which to use application whitelisting will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

Most companies’ most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

JT Keating August 19, 2009 at 11:33 pm

Dr. Anderson: Great blog! Loved it.

First, a disclaimer: I work for application whitelisting pioneer, CoreTrace.

With that said, I agree with almost all of the application whitelisting pros/cons you cited in your blog. Almost all whitelisting solutions stop unauthorized applications. Good ones stop attacks within whitelisted applications (e.g., memory-based attacks within whitelisted applications). Really good ones (which are very rare) can handle dynamic environments like desktops and laptops without increasing costs as you described. CoreTrace created a concept called “Trusted Change” that enables IT to establish multiple sources of trust in advance (trusted updaters, trusted digital certificates, even trusted browser plugins like ActiveX). As long as users and systems operate within these pre-defined broad sources of trust, they don’t even know the protection is there and IT doesn’t need to be a bottleneck. Other leading players are working on their version of the same.

Simply put, we all know that application whitelisting cannot become the foundational anti-malware technology until the operational friction is as low as blacklist-based antivirus–and we won’t rest until we have proven it to leading CIOs like you.

Thanks again for raising the issue.

Dr. Jim Anderson August 27, 2009 at 10:22 am

JT: thanks for providing the extra info. You bring up some very good points – app whitelisting is an important new security tool, but as with all such tools in the past it’s not a magic bullet. CIOs need to understand how to use the tool correctly.

Emilia Reifer June 17, 2010 at 2:22 am

I use Digg to find stories all the time. It’s great when you don’t have anything else to write about. Nice list.
