Application Whitelisting – The Active Defense Against Ransomware

Whitelisting – The Last Best Resort

Ed Tech Magazine recently wrote an article on application whitelisting as an active defense against ransomware in the education sector.  Although we agree that whitelisting, or a default-deny approach, is proactive to ransomware prevention, their analysis warrants further investigation.
Ed Tech author, Karen Scarfone states,
If other security controls don’t stop the ransomware, the last layer of defense is application whitelisting.
Application whitelisting can sometimes be the last layer of defense and ultimately the most secure layer in an environment. Common recommendations among analysts are to enforce strict firewall rules and protections as your first line of defense. When combined with application whitelist this provides a very secure environment.
Scarfone goes on to state,
With this technique, an operating system allows an executable to run only if the school district has specifically approved its use. Depending on the whitelisting technology, a school district may grant executables permission to run based on methods such as file hash or software vendor identity.
In some cases, the software authorizes new executables to run only if they were acquired by the OS’s built-in update feature. Even if a user is tricked into downloading and installing ransomware, whitelisting technology prevents the user from running it, regardless of his or her privilege.
All of this is accurate. The execution of an application whitelist approach will ultimately depend on the method chosen. PC Matic Pro employs a globally automated whitelist that is updated with the latest good applications in real-time. Instead of leaving the burden on the IT staff to determine if an application is safe to run in their environment, PC Matic Pro’s staff of malware researchers categorizes unknown software that is blocked in each users environment. If this application is safe and found to be good, it’s added to our global whitelist which benefits all users. In addition, common software from known publishers is whitelisted by digital signature. Digital Signatures allow you to verify the integrity and source of software to seamlessly allow software from vendors like Microsoft and Adobe, among others.
Scarfone continues,
However, to be truly effective, whitelisting must be kept up to date. Any errors in configuration could inadvertently prevent legitimate software from running or mistakenly allow ransomware or other malware to spread.
Scarfone is completely correct. Keeping an application whitelist accurate is important in blocking today’s cyber security threats. Within PC Matic Pro IT Admins can override and add custom applications into their company whitelist immediately. However, they can also rely on our professional malware researchers to ensure an application is in fact good. The team will automatically analyze and categorize unknown applications, with good applications added into our global whitelist.
School districts should carefully evaluate whitelisting solutions and, whenever feasible, run them first in monitor-only mode to confirm proper operation before enforcing whitelisting policies.
Once again, she is correct. Running a whitelisting solution in a monitor-only mode first is important. This will allow the IT professionals to determine which programs will be blocked from executing, as they may not be on the solution provider’s whitelist. PC Matic Pro includes a diagnostic mode to find unknown applications that would be blocked on active deployment. The IT Admin can then locally whitelist that application across their company, or rely on the PC Matic malware team to globally whitelist that application; again removing the work required from the IT Admin. When investigating with whitelist is best for your organization, be sure this feature is available.

1,089 total views, 15 views today

(Visited 95 times, 1 visits today)

One thought on “Application Whitelisting – The Active Defense Against Ransomware

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.