Controlled access is at the core of data protection. Bad actors can only extract confidential information if they can get to it. Blacklisting and whitelisting are two of the more widely used techniques for network security. While blacklisting specifies the applications that are disallowed, whitelisting is more restrictive: it blocks everything except the applications on a permitted list.
With more than 450,000 new malware and unwanted applications registered each day by the AV-TEST Institute, blacklisting can only go so far. Whitelisting is the more effective means of guarding confidential data by making it harder for malware and cybercriminals to break through your defenses. Still, whitelisting is only as effective as the quality of its implementation. It’s important that you get it right.
Here are some best practices.
Perform a Risk Assessment
Whitelisting is an extremely restrictive control. It has an impact on application functionality and the ability of users to discharge their responsibilities. Before you implement it, perform a risk assessment that determines if the benefits of application whitelisting outweigh the impediments to everyday operations this may come with.
Note that even if you do a thorough job in creating a whitelist to minimize inconvenience, there will be substantial disruption at the beginning that will require considerable tweaking to get it right. So, weigh the cost and only proceed if it is the better option for you.
Scan the Network
By the time you are thinking about establishing a whitelist, there may already be malicious applications running on your network. To make sure you are starting with as clean a slate as possible, run a scan of the network. This should not only unearth the business applications that are running but also any malicious and unauthorized software you need to weed out.
Running this scan and performing a cleanup before application whitelisting makes investigation of any future security breaches easier. You will have some degree of confidence that any malware infiltration you pick up in future likely occurred after this scan and post-creation of the whitelist.
Inventory and Classify Applications
Inventory all applications in use by your business if you do not already have such a list. Capture information such as name, version, purpose, and the departments that use each one. Note the software publisher as well, since this is a risk factor. Applications from major publishers are less likely to carry malware. Inventorying applications also helps capture software that employees install and use without obtaining proper authorization.
Once you have your list, classify these applications based on how important they are to the business. At a minimum, you could have a list of essential apps and non-essential apps. If you want to take it further, create a priority ranking of all apps, then set a cutoff so that apps above it are placed on the whitelist. Irrespective of the classification technique you use, create a whitelist access policy where you permit only the applications that satisfy the predetermined criteria.
A whitelist isn’t all or nothing. After all, the goal is to restrict access to only the applications that need it. So, apply the principle of least privilege. Fine-tune your whitelist by granting varying levels of access to different applications depending on what permissions users require to discharge their duties smoothly.
Evaluate each application on the whitelist and define what level of access is needed. Your IT team should work with the departments that use the application to minimize workflow disruption.
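The inventory, priority cutoff and per-department scoping described above can be expressed as a small default-deny policy check. This is an added example, not part of the original article; the application names, publishers, departments and the priority scale (1 = most important) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    name: str
    version: str
    publisher: str
    purpose: str
    departments: frozenset  # departments approved to run the app
    priority: int           # assumption: 1 = most important to the business

# Constructed sample inventory (hypothetical applications and publishers).
INVENTORY = [
    App("LedgerPro", "4.2", "Acme Software", "accounting", frozenset({"finance"}), 1),
    App("MailClient", "11.0", "Acme Software", "email", frozenset({"finance", "sales", "it"}), 2),
    App("DiagramTool", "2.1", "Example Labs", "diagrams", frozenset({"it"}), 3),
    App("MediaPlayer", "7.5", "Example Labs", "video playback", frozenset({"sales"}), 9),
]

def build_allowlist(inventory, cutoff):
    """Whitelist apps ranked at or above the cutoff, keyed on name, version and publisher."""
    return {(a.name, a.version, a.publisher): a.departments
            for a in inventory if a.priority <= cutoff}

def evaluate(allowlist, name, version, publisher, department):
    """Default-deny decision for one application observed on the network."""
    departments = allowlist.get((name, version, publisher))
    if departments is None:
        # A listed name at another version or publisher signals drift to review.
        if any(key[0] == name for key in allowlist):
            return "deny: version or publisher not approved"
        return "deny: not on whitelist"
    if department not in departments:
        return "deny: not approved for this department"
    return "allow"

def audit(allowlist, observations):
    """Pair every scan observation with its decision."""
    return [(obs, evaluate(allowlist, *obs)) for obs in observations]

# Constructed scan results: (name, version, publisher, department).
SCAN = [
    ("LedgerPro", "4.2", "Acme Software", "finance"),
    ("LedgerPro", "4.2", "Acme Software", "sales"),
    ("LedgerPro", "4.1", "Acme Software", "finance"),
    ("MediaPlayer", "7.5", "Example Labs", "sales"),
]

if __name__ == "__main__":
    for obs, decision in audit(build_allowlist(INVENTORY, cutoff=3), SCAN):
        print(obs, "->", decision)
```

Keying on version and publisher as well as name means a new release is denied until the whitelist is reviewed, which is why the list needs regular maintenance.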
The applications that form your organization’s technology ecosystem are in flux. Apps are retired and new ones procured. Existing apps have newer versions released. Apps may also move up and down the priority list depending on your organization’s evolving needs and strategy.
All this means that a whitelist is not something you can afford to create once and then forget about. It needs to be reviewed on a regular basis to make sure the organization is always protected from harm.
Integrate Within Cybersecurity Strategy
Application whitelisting is a highly effective security control. Still, it is not a silver bullet that quashes all cybersecurity risks. The cyber risks your organization is exposed to are vast and no single tool can protect you from them all. Whitelisting must therefore be integrated within your overall cybersecurity strategy.
Complement it with other techniques such as antivirus, patch management, email security and DNS filtering. That way, if whitelisting fails to stop a threat from passing through, there are other tools that could arrest the problem before it proliferates.
Whitelisting allows you to create a benchmark for applications’ network access. It’s as close as you can get to exercising maximum control of your technology environment. As long as you have not explicitly allowed an application to get through, its likelihood of entry is slim.
Application whitelisting is best reserved for mission-critical environments where the need for high-level security outweighs the advantages of unrestricted functionality.