Whitelisting Cuts Targeted Malware Attack Success Rates By 85%
“The Australian Signals Directorate has identified application whitelisting as the most effective strategy in its Strategies to Mitigate Targeted Cyber Intrusions. The intelligence agency, which operates as part of the Australian government, has reported that application whitelisting and the right combination of patch and administration privilege restrictions can prevent at least 85% of targeted cyber intrusions.”
Application whitelisting is being widely adopted by security entities, including the Department of Homeland Security, FBI and NSA. The technology functions as a list of all known trusted applications and programs. If an application is not on the whitelist, it will not execute.
Application Whitelisting and The Door Man
Think of the whitelist as a door man to an exclusive event. If you’re not on “the list” then you’re not getting in. But what about exceptions? There is always an exception, right? Of course. Maybe you’re really supposed to be on the list, but you’re not. At that point, the appropriate personnel are contacted and a decision is made. The same thing happens with application whitelisting. If you try to execute a program that has not been whitelisted, it will be deemed “unknown” and will not execute. Perhaps you know this program is safe, but the whitelist does not. In such an instance, the appropriate personnel or team is notified and they will determine if the program should be whitelisted.
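The default-deny flow described above, as an added Python example (not from the original article or any vendor's product). It assumes programs are identified by the SHA-256 hash of their contents, which the article does not specify; the class, paths and sample byte strings are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Allowlist:  # hypothetical name, not a real product API
    trusted: set = field(default_factory=set)    # hashes approved to run
    pending: dict = field(default_factory=dict)  # hash -> first path seen, awaiting review

    def check(self, path: str, content: bytes) -> str:
        """Return 'allow' or 'deny'. Anything not listed is unknown and denied."""
        digest = sha256_hex(content)
        if digest in self.trusted:
            return "allow"
        # Default deny: record the unknown file once so reviewers can decide.
        self.pending.setdefault(digest, path)
        return "deny"

    def review(self, digest: str, approve: bool) -> None:
        """Reviewer decision on a pending file; only approval adds it to the list."""
        if digest not in self.pending:
            raise KeyError("no pending request for this hash")
        del self.pending[digest]
        if approve:
            self.trusted.add(digest)

# Constructed sample inputs standing in for executable file contents.
EDITOR = b"constructed sample: approved text editor build"
NEW_TOOL = b"constructed sample: tool nobody has reviewed yet"

def demo() -> list:
    wl = Allowlist(trusted={sha256_hex(EDITOR)})
    results = [
        wl.check("C:/Apps/editor.exe", EDITOR),               # listed: allow
        wl.check("C:/Users/a/Downloads/tool.exe", NEW_TOOL),  # unknown: deny and queue
        # The same unknown bytes under a trusted-looking path are still denied.
        wl.check("C:/Apps/editor.exe", NEW_TOOL),
        len(wl.pending),                                      # queued once, not twice
    ]
    wl.review(sha256_hex(NEW_TOOL), approve=True)             # the reviewers approve it
    results.append(wl.check("C:/Users/a/Downloads/tool.exe", NEW_TOOL))
    # One changed byte gives a new hash, so a modified editor is unknown again.
    results.append(wl.check("C:/Apps/editor.exe", EDITOR + b"!"))
    return results

if __name__ == "__main__":
    print(demo())
```

Keying the list on a content hash rather than a file name or path is what keeps a renamed or modified file from inheriting an approved program's trust.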
Too Much Work?
This is a critical, and often criticized, part of application whitelisting. Because of the approval process, there are concerns about the increased workload for IT administrators, as well as decreased productivity for employees while they wait for their program to be approved. Cylance states,
“Admins are not malware analysts, so burdening them with making decisions about what applications should run can greatly increase their workload. With a default-deny policy, work can be blocked until an admin makes a decision on a suspect application, slowing efficiency. To make matters worse, administrators are prone to make mistakes when under time pressure.”
What if this problem was resolved? What if an “unknown” file was sent to a third-party malware research team, and they determined its security for you, completely removing the burden from the IT admin team? Sounds pretty perfect, right?
PC Matic Pro
PC Matic Pro offers application whitelisting as its primary method for preventative malware detection. In the case of an “unknown” file, the file is sent to PC Matic Pro’s malware research team to be tested and categorized as either trusted or malicious within 24 hours. If access to the program is urgent, and the user is confident it is a safe program, they can manually add the program to their whitelist. This, however, is not encouraged, because the program has not been tested and deemed safe.