Whitelisting is again catching the attention of enterprise IT, even though it’s been around for quite a while. Whitelisting at the application and file levels is a tried and true way to allow “safe” apps and executables to be launched while blocking those that aren’t designated safe. Yet it never really became a staple of enterprise security strategies. So why the sudden renewed interest? I would point to a few critical factors:
- The cybersecurity landscape is changing in ways that make whitelisting more valuable
- Whitelisting has become much easier to manage
- Whitelisting can now be deployed in a way that empowers workers while protecting them, reducing worker resistance
Let’s break these down a little more.
The Threats are Evolving
Cybercriminals are using new tactics to penetrate IT’s once well-protected perimeters. They’ve learned that by preying on careless users themselves, they have a much higher probability of infiltrating a secured network. Because workers have “trusted” status, attackers can trick them into opening harmful files, clicking infected links, even downloading executables swarming with malware. And it’s working. Countless news stories about ransomware attacks and breaches point back to individual workers as sources of vulnerability. The most impenetrable perimeter offers little defense against a worker unleashing a threat from inside the walls. IT must augment their security investments with protections at the user level. Application whitelisting mitigates risk from within the network – now making it a “must have” addition to the security mix.
Whitelisting is Easier to Manage
The level of protection offered by whitelisting is only as strong as the list of restricted and permitted apps or files. But keeping lists current is a maintenance burden. And if IT is too strict about the apps that can be opened, worker productivity can take a major hit. Whitelisting was only viable when IT was willing to dedicate the man hours to manually keeping lists fresh and updated. Today, day-to-day manageability of whitelists has drastically improved. Integrations with IT systems and purpose-built tools for managing and monitoring whitelists have come a long way, and many of the needed updates can be automated. File-hash based whitelists ensure that files or apps executed are what they claim to be, and now file hash lists are easier to maintain and update than ever. Whitelisting is now an easy-to-manage reality for the enterprise.
The User Experience has Improved
From the perspective of a worker, their technology exists to make them more productive. But if they’re trying to download an email attachment or their browser requires a plugin, being blocked from doing what they believe they need to do is frustrating. So it’s critical that whitelisting take into account the worker’s context when determining restrictions. In secure contexts, perhaps rules can be loosened to allow for maximum productivity, and tightened again in a less secure working environment. This is why context-awareness is the perfect companion to whitelisting, especially when enhanced with self-service and automation.
How does it really work? Here’s an example.
If an app or file is blocked, the whitelisting solution will advise the worker of the potential risk and invite him or her to click directly to a self-service portal to ask that a file be reviewed and added to the whitelist. IT can then leverage automated security testing that quickly notifies the worker whether their app was determined to be safe and added to the whitelist – or whether it was infected and rightfully blocked. When properly enabled, whitelisting can both protect and empower users.
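The sketch below is an added illustration, not code from RES or any whitelisting product. It ties together the file-hash check, the context-aware rule and the self-service review described above; the context names "secure" and "less_secure", the class and function names, the sample bytes and the scanner hook are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class HashAllowlist:
    approved: dict = field(default_factory=dict)  # digest -> permitted contexts
    pending: dict = field(default_factory=dict)   # digest -> (name, content) awaiting review

    def approve(self, data: bytes, contexts=("secure", "less_secure")) -> None:
        self.approved.setdefault(sha256_hex(data), set()).update(contexts)

    def decide(self, data: bytes, context: str) -> str:
        contexts = self.approved.get(sha256_hex(data))
        if contexts is None:
            return "block"  # unknown content, whatever the file is called
        return "allow" if context in contexts else "block"

    def request_review(self, name: str, data: bytes) -> str:
        # Self-service step: the worker asks for a blocked file to be reviewed.
        self.pending[sha256_hex(data)] = (name, data)
        return sha256_hex(data)

    def review(self, digest: str, scanner) -> str:
        # Automated step: scanner(data) returns True if clean (hypothetical hook).
        name, data = self.pending.pop(digest)
        if scanner(data):
            self.approve(data)
            return f"{name}: added to whitelist"
        return f"{name}: blocked"

# Constructed sample data: not real binaries or real hashes.
VIEWER = b"constructed bytes standing in for viewer.exe v1.0"
TAMPERED = b"constructed bytes standing in for a modified viewer.exe"
PLUGIN = b"constructed bytes standing in for a browser plugin"

def demo() -> dict:
    wl = HashAllowlist()
    wl.approve(VIEWER, contexts=("secure",))  # tighter rule: secure context only
    results = {
        "viewer_secure": wl.decide(VIEWER, "secure"),
        "viewer_less_secure": wl.decide(VIEWER, "less_secure"),
        "tampered_secure": wl.decide(TAMPERED, "secure"),  # same name, new hash
        "plugin_before": wl.decide(PLUGIN, "less_secure"),
    }
    ticket = wl.request_review("plugin.dll", PLUGIN)
    results["review"] = wl.review(ticket, scanner=lambda d: b"modified" not in d)
    results["plugin_after"] = wl.decide(PLUGIN, "less_secure")
    return results
```

Because the decision keys on the content digest, a file that keeps an approved name but has different bytes is still blocked, which a name- or path-based list would miss.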
What this means for you.
There is no cookie-cutter approach to security. Every organization has a different level of tolerance for risk. And there is no shortage of choices for security platforms or point solutions to mitigate vulnerabilities. But if you’ve investigated whitelisting in the past and weren’t convinced about its practicality, it’s time for a new look. Your CISO and your workforce will thank you for it.
*Following the launch of RES ONE Enterprise on February 21, 2017, RES ONE Service Store is now RES ONE Identity Director and RES ONE Suite is now RES ONE Enterprise.