Blog / Why is Application Whitelisting the King of Cybersecurity?
A Brief History of Application Whitelisting.
To understand the real value of application whitelisting, it’s important to remember the context of this lesser known but powerful cybersecurity defense tool.
As you’ve likely already heard or know by now, the computers NASA used during the original Apollo missions were incredibly advanced for their time. But of course, time marches on, technology evolves as it does, and over the intervening decades computer hardware became dramatically more powerful, so much so that now even cheap, obsolete cellphones have orders of magnitudes more power than the computers that ultimately landed man on the moon. This increased computing power was a boon for technological advancement as it allowed for much more user-friendly computers, operating systems, and software.
On the other hand, however, it’s also allowed hackers and cybercriminals to deploy much more potent attacks as well, forcing cybersecurity practices to evolve as well. This can be directly seen with how passwords and the advice surround them have changed over the past several years. Remember that passwords were originally limited to 8 to 10 characters, and since that time the solution to keeping them secure was just to make them longer and more complicated, leading to modern practices of using different, randomized passwords for each application or website. Furthermore, these days many passwords don’t actually have a limit on their length. In fact, Windows Login has one of the shortest password maximum lengths I can think of, with a limit of 124 characters the last time I checked.
As the threat landscape has evolved, so too have password recommendations. But they’re also no longer the sole defense against unwanted intrusions. Anti-malware software for screening and scanning files, as well as firewalls, password management tools for easily storing and updating long and complicated passwords, and multifactor authentication are all useful cybersecurity tools. However, there is one type of cyberdefense that stands tall and proud above the crowd, and it’s called “application whitelisting.”
What is Application Whitelisting?
The idea behind application whitelisting is simple; computers and other devices in your organization’s fleet can only run a specific set of approved software applications necessary to completing the users’ jobs or objectives. The set of approved applications is known as a whitelist and, once configured, only software from that list can run executable files. Because malware is a different executable, even if it evades detection, the program itself can’t run and needs to circumvent the whitelist before it can infect your machine. This is what makes application whitelisting so effective; even if malware has managed to make it onto a machine, the computer won’t run it. In fact, theoretically a computer could be loaded with malware, but if the machine will only ever run a specific set files, then it doesn’t matter because those files will never activate.
Of course, no matter how useful it is may be, nothing in this world is without its drawbacks, and the same is true when it comes to using tools that enforce application whitelists. Foremost among these is the fact that patches and updates for whitelisted applications can include changes that prevent the application from running, or the update itself may need to be whitelisted to be implemented. As a result, using a whitelist means your organization needs to adjust its approach to handling patches, especially in our current world of frequent, seemingly endless updates. However, if your organization is committed to security, application whitelisting is likely your best option for protecting against malicious executable software.
For more information, or if you’d like to implement application whitelisting at your organization or municipality, contact a TRINUS cybersecurity professional and we’ll be happy to help out with some stress-free IT.
This Shakespeare quote comes from All’s Well That Ends Well; “Moderate lamentation is the right of the dead, excessive grief the enemy to the living.