Application Whitelisting Cuts Cyber Crime by 85%

Whitelisting Cuts Targeted Malware Attack Success Rates By 85%

According to a report generated by Cylance, the Australian government believes cyber crime can be cut by 85% with the implementation of application whitelisting.  The report states,

“The Australian Signals Directorate has identified application whitelisting as the most effective strategy in its Strategies to Mitigate Targeted Cyber Intrusions.  The intelligence agency, which operates as part of the Australian government, has reported that application whitelisting and the right combination of patch and administration privilege restrictions can prevent at least 85% of targeted cyber intrusions.”

Application whitelisting is a technology being widely adopted by various security entities, including the Department of Homeland Security, FBI and NSA.  The technology functions as a list of all known trusted applications and programs.  If an application is not on the whitelist, it will not execute.

Application Whitelisting and The Door Man

Think of the whitelist as a door man to an exclusive event.  If you’re not on “the list” then you’re not getting in.  But what about exceptions?  There is always an exception, right?  Of course.  Maybe you’re really supposed to be on the list, but you’re not.  At that point, the appropriate personnel are contacted and a decision is made.  The same thing occurs with application whitelisting.  If you try to execute a program that has not been whitelisted, it will be deemed “unknown”, and will not execute.  Perhaps you know this program is safe, but the whitelist does not.  In such an instance, the appropriate personnel or team is notified and they will determine if the program should be whitelisted.

Too Much Work?

This is a critical, and often criticized, part of application whitelisting.  Due to the approval process, there are concerns about the increased workload for IT administrators, as well as the decreased productivity of employees while they wait for their program to be approved.  Cylance states,

“Admins are not malware analysts, so burdening them with making decisions about what applications should run can greatly increase their workload.  With a default-deny policy, work can be blocked until an admin makes a decision on a suspect application, slowing efficiency.  To make matters worse, administrators are prone to make mistakes when under time pressure.”

What if this problem was resolved?  What if an “unknown” file was sent to a third-party malware research team, and they determined its security for you, completely removing the burden from the IT admin team?  Sounds pretty perfect, right?

PC Matic Pro

PC Matic Pro offers application whitelisting as its primary method for preventative malware detection.  In the case of an “unknown” file, the file is sent to PC Matic Pro’s malware research team to be tested and categorized as either trusted or malicious within 24 hours.  If access to the program is urgent, and the user is confident it is a safe program, they can manually add the program to their whitelist.  This, however, is not encouraged, because the program has not been tested and deemed safe.
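The default-deny flow described above (unknown files blocked and sent for review, then categorized as trusted or malicious, with a manual override for urgent cases) can be sketched as follows. This is an added example, not PC Matic Pro's code; identifying files by SHA-256, letting a malicious verdict outrank a manual override, and every class and function name are assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    TRUSTED = "trusted"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"

class Allowlist:
    """Default-deny policy keyed on the SHA-256 of file content (assumption)."""

    def __init__(self, trusted=()):
        self.verdicts = {h: Verdict.TRUSTED for h in trusted}
        self.review_queue = []        # unknown hashes awaiting analysis
        self.local_overrides = set()  # user-approved but never tested

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def may_execute(self, content: bytes) -> bool:
        h = self.digest(content)
        verdict = self.verdicts.get(h, Verdict.UNKNOWN)
        if verdict is Verdict.UNKNOWN and h not in self.review_queue:
            self.review_queue.append(h)  # submit each unknown file once
        if verdict is Verdict.MALICIOUS:
            return False                 # an override never outranks this
        return verdict is Verdict.TRUSTED or h in self.local_overrides

    def override(self, content: bytes) -> None:
        """Urgent manual approval; the file stays queued for testing."""
        self.local_overrides.add(self.digest(content))

    def record_verdict(self, h: str, verdict: Verdict) -> None:
        """Apply the reviewers' decision and clear the pending entry."""
        self.verdicts[h] = verdict
        if h in self.review_queue:
            self.review_queue.remove(h)

if __name__ == "__main__":
    editor = b"constructed sample: editor v1.0"   # stands in for a binary
    tampered = editor + b" + injected code"       # same name, new content
    al = Allowlist(trusted=[Allowlist.digest(editor)])
    print(al.may_execute(editor))      # listed, so it runs
    print(al.may_execute(tampered))    # unknown: blocked and queued
    al.override(tampered)
    print(al.may_execute(tampered))    # runs on the user's say-so
    al.record_verdict(Allowlist.digest(tampered), Verdict.MALICIOUS)
    print(al.may_execute(tampered))    # blocked despite the override
```

Keying the list on a content hash rather than a file name means a modified copy of an approved program is treated as unknown, and keeping an overridden file in the review queue ensures it is still tested.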

PC Matic Pro also offers patch management services.  According to Cylance, this is also a critical piece to preventing 85% of targeted malware attacks.


5 thoughts on “Application Whitelisting Cuts Cyber Crime by 85%”

    • Raymond, please reach out to our support team at http://www.pcmatic.com/help. Our trained staff will be able to assist you in whitelisting any unknown files, in the event you do not want to wait for our malware team to test them first. Thank you!

  1. Whitelisting certainly has its merits worth discussing, but the headline is a bit misleading. When you read the actual text of the article, the 85% refers to the benefit of implementing whitelisting IN ADDITION TO “the right combination of patch and administration privilege restrictions.” So we’re not told how much of that 85% can be attributed to the whitelisting by itself.

  2. A white-listing program, like PC-Pitstop, in theory is a good way to go. But in practice, at least as it’s worked (or not) for me, perhaps not. I think there’s a presumption that the user will know how to set up the program; that implies that the program is furnished with an easily-accessed user guide. But when the user guide is absent, which it seems to be with PC-Pitstop, I am left to wonder whether I bought a pig in a poke, and whether I should compound the problem by renewing my PC-Pitstop license. A “once burned, thrice shy” sort of thing.
