Application whitelisting is a very effective security method, but very few organizations today know how to use it.
Similarly to blacklisting or restricting sites, whitelisting is a type of software restriction policy (SRP). But, instead of blocking known threats, whitelisting defines your allowed applications and prevents unauthorized programs from running and potentially infecting your environment.
Both are important parts of your group policy, but they take on security from different approaches.
Blacklisting is reactive to known threats, whitelisting is proactive to the unknown.
Application whitelisting essentially works like an “if-than” filter, preventing bad programs or malware from being able to run on your network. This means that as new threats emerge, your business is protected.
Whitelisting in Action
Let’s say you open a malicious email or plug an infected USB drive into your computer. With effective whitelisting, the virus won’t be able to run and breach your network. This will save your business time and money by preventing costly downtime and remediation efforts.
Things to Know
Your network admin will need to block all executable code by default.
Users cannot have modification abilities on programs
All installs or downloads of new applications will need administrator approval. This can create some frustration with your team, so proper communication is key on why these policies are necessary.
Whitelisting is not a “one and done” group policy. It will require regular maintenance and upkeep from your admin as new apps are added and removed from your group policy. It’s best to define an approval process and regular review cycle to stay on top of changes.
Mike Arvidson is the executive leader of Eide Bailly Technology Consulting’s Infrastructure Services. With more than 20 years of experience in the IT industry, Mike’s wealth of knowledge includes network systems implementation, integrated new technologies, and information security.