Anti-malware as we know it is not working. Is application whitelisting the answer? An increasing number of experts think so. Find out why.
It seems the time has come to rethink how we fight malware. Anti-malware applications based on signature blacklists and heuristics derived from previously-observed behavior aren't good enough. So what is? There is a growing consensus among experts that application whitelisting needs to be part of the solution.
IT managers are starting to think more about application whitelisting as well. That's because independent testing indicates application whitelisting is maturing into a viable endpoint-security solution. The same managers also realize application whitelisting can simplify regulatory compliance and software license assurance.

Regulatory compliance
Compliance with industry and government standards is becoming the norm. That's understandable: compliance publicly demonstrates the organization's concern for data security. The following are two examples of how application whitelisting helps companies comply with standards:
- Payment Card Industry Data Security Standard (PCI DSS): Whitelisting helps maintain PCI DSS compliance by assuring only authorized software and portable storage devices are allowed.
- Sarbanes-Oxley (SOX): As with PCI DSS, SOX compliance requires control of, and accountability for, software and data storage. Whitelisting regulates that by its nature, and its execution logs supply the required audit trail.
Software license assurance

Determining what is installed on workstations at an SMB can be a significant undertaking. Now consider a large enterprise; it's almost impossible without some kind of automated tracking software. Whitelisting is one such solution. Using it assures you of the following:
- Only management-approved software is allowed on workstations.
- Unlicensed software can't run, which removes the main source of licensing-compliance trouble, both within the organization and with the Business Software Alliance.
One ancillary benefit of software-license assurance is the reduction of helpdesk overhead. Only whitelisted software needs to be supported.

Endpoint security
The goal of any anti-malware application is to prevent malicious code from running. As hard as they try, developers relying on blacklists are fighting a losing battle. Why? Blacklisting is reactive: a signature can only be written after the malware has been seen, so it is ineffective against zero-day malware. Whitelisting inverts the model. Only designated software is allowed to run on the workstation, and anything not on the list, known or unknown, is denied by default, so new malware can't gain a foothold. The one caveat a practitioner should keep in mind is that whitelisting controls which programs start; it does not by itself stop an attacker who exploits a flaw in a program that is already on the list.
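To make the difference between the two models concrete, here is an added example (not code from the article or from any whitelisting product) that implements the decision logic of a hash-based whitelist beside a signature blacklist and runs both over a few constructed sample "executables," including one the vendor has never seen. The file paths, contents and the `evaluate`/`compare_models` helpers are assumptions made for the illustration; the audit entries it writes are the kind of trail the compliance section above refers to.

```python
"""Default-deny application whitelist versus a signature blacklist.

Added example: not code from the article or from any whitelisting product.
It models only the decision logic; paths and contents are constructed
stand-ins for real executables.
"""
import hashlib
from datetime import datetime, timezone

# Constructed sample "executables": byte strings standing in for file images.
# The last one is a never-before-seen dropper, i.e. a zero-day from the
# blacklist's point of view.
SAMPLE_FILES = {
    r"C:\Program Files\Acme\acme.exe": b"MZ acme approved build 1.2",
    r"C:\Windows\notepad.exe": b"MZ notepad",
    r"C:\Users\bob\Downloads\invoice.exe": b"MZ trojan already seen by vendor",
    r"C:\Users\bob\AppData\Local\Temp\svch0st.exe": b"MZ brand new dropper",
}


def file_hash(data: bytes) -> str:
    """SHA-256 of the file image; the identity a hash-based whitelist keys on."""
    return hashlib.sha256(data).hexdigest()


# Blacklist: hashes the anti-malware vendor has already seen and flagged.
BLACKLIST = {file_hash(SAMPLE_FILES[r"C:\Users\bob\Downloads\invoice.exe"])}

# Whitelist: hashes of the builds management has approved. Nothing else runs.
WHITELIST = {
    file_hash(SAMPLE_FILES[r"C:\Program Files\Acme\acme.exe"]),
    file_hash(SAMPLE_FILES[r"C:\Windows\notepad.exe"]),
}


def blacklist_decision(data: bytes) -> str:
    """Reactive model: block only what is known bad, let everything else run."""
    return "deny" if file_hash(data) in BLACKLIST else "allow"


def whitelist_decision(data: bytes) -> str:
    """Default-deny model: run only what is known good, block everything else."""
    return "allow" if file_hash(data) in WHITELIST else "deny"


def evaluate(path: str, data: bytes, audit: list) -> str:
    """Apply the whitelist to one execution attempt and record it.

    The audit entry carries the hash, so an unknown file that was blocked can
    later be identified and, if it turns out to be legitimate, approved.
    """
    verdict = whitelist_decision(data)
    audit.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "path": path,
        "sha256": file_hash(data),
        "verdict": verdict,
    })
    return verdict


def compare_models() -> dict:
    """Run every sample through both models; returns {path: (blacklist, whitelist)}."""
    return {
        path: (blacklist_decision(data), whitelist_decision(data))
        for path, data in SAMPLE_FILES.items()
    }


if __name__ == "__main__":
    audit_trail = []
    for path, data in SAMPLE_FILES.items():
        evaluate(path, data, audit_trail)
    for entry in audit_trail:
        print(f"{entry['verdict']:5}  {entry['path']}  {entry['sha256'][:12]}")
    # A whitelisted binary that has been tampered with no longer matches its hash.
    tampered = SAMPLE_FILES[r"C:\Program Files\Acme\acme.exe"] + b" patched"
    print("tampered acme.exe:", whitelist_decision(tampered))
```

Run it and the brand-new dropper is allowed by the blacklist but denied by the whitelist, while a tampered copy of an approved program is denied because its hash no longer matches. Real products key on hashes, publisher signatures or paths, and ship with a large pre-approved catalog, but the default-deny decision at the core is the same.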
Whitelisting also provides the following security features:
- Storage devices: Whitelisting products can also control portable storage devices. For example, they can audit, or block outright, files being copied to or from a USB drive.
- Unknown files: When an unfamiliar file turns up, for instance one the whitelist has just blocked, it needs to be identified. Whitelisting products provide either a client-side or a Web-based lookup to accomplish that.
Well, that's the high-level view. Over the next few weeks, I'm going to dissect two of the more prominent application-whitelisting offerings and look at the major anti-malware companies, as they are starting to integrate whitelisting.
Michael Kassner is currently a systems manager for an international company. Together with his son, he runs MKassner Net, a small IT publication consultancy.