What is Application Whitelisting?
Application whitelisting is the enterprise security practice of specifying a pre-approved list of software applications allowed to run on a particular computer system. It is a proactive security measure that prevents potentially harmful applications from interacting with protected computers and networks, at the expense of end-user control. Secondary benefits include the ability to manage, reduce, or control the demands on system resources by curtailing extraneous applications, which leads to improved system speeds and fewer system crashes.
In general, whitelisting is a network security approach best suited to centrally managed environments and systems with consistent workloads, such as high-risk environments where security is stressed over limitless software use. In addition to approved applications, flexibility can be granted by approving application components, like software libraries, plugins, extensions, and configuration files.
How does Application Whitelisting work?
Implementing application whitelisting begins with forming a whitelist of approved applications. When a program executes, it is compared to the whitelist; if it is found on the list, it is permitted to execute. A further measure called hashing provides an integrity check of the listed program to ensure it is the program it says it is, in an attempt to detect and prevent “mimic” programs designed to infiltrate the unsuspecting system.
What are the benefits of Application Whitelisting?
There are several advantages to using application whitelisting; however, not all solutions provide every advantage. Third-party solutions tend to include additional features with richer reporting and alert capabilities.
- Protection against ransomware and other malware attacks: Traditional anti-virus software has been signature-based, requiring a database of known signatures to be maintained and updated with discoveries. Whitelisting, by contrast, is an active approach that restricts all code and then grants approval to trusted applications.
- Restricting unauthorized applications improves resource management: Application whitelisting provides blanket control over system resources, eliminating the threat from resource-squandering malware, ransomware, or end-user applications.
- Eliminates software license compliance metering: By restricting the use of unauthorized applications, IT departments are better able to gauge their compliance with software license agreements and prevent the risk of violations.
- Reduce IT department costs: With greater control over system resources, fewer crashes, and a focus on a specific set of applications, IT automation can reduce costs in areas such as the help desk, system maintenance and upgrades, and human resources.
How is Application Whitelisting different from blacklisting?
Application whitelisting, unlike blacklisting, which allows all and prevents some, is a restrictive approach to enterprise security that prevents all applications from running and allows some. At first glance, whitelisting may appear to be a better security technique, but there is still no consensus on which technique is best. Some support a proactive approach to application security, others a reactive approach.
- Blacklisting proponents point to the difficulty inherent in applying a whitelist to a complex system with many users, all with distinct demands and needs. Whitelisting is complex and difficult to manage, they say, pointing to the practical concerns of maintaining a growing list of approved applications that keeps current with the demands of the business and its increasing interconnectedness.
- Whitelisting proponents support a proactive approach and argue that the time and effort put into preventative measures far exceeds the potential risks to resources, data, and system, and that allowing an open-door policy for unknown applications courts costly disaster.
What are the risks of Application Whitelisting?
Application whitelisting may lead one to conclude that it is an all-encompassing security solution; however, it is not. It should not be treated as a substitute for traditional security measures such as firewalls, DMZs, virtual machines, network segmentation, proper network configuration, or user authorization, and it should be used in combination with emerging security technologies.
Whitelisting does present risks and challenges:
- Malicious Masquerading Application Risk: Attackers who understand application whitelisting and the preventative hashing measure have created malicious code that mimics approved applications in size and name, with the intention of replacing the whitelisted application with an imposter. Cryptographic hashing and digital signatures linked to their software developers are just some ways to combat maliciously masquerading applications.
- End-User Workflow Risk: Whitelists potentially prevent end-users from accessing specific or new applications. Some organizations may allow their employees to request approval for application whitelisting inclusion, but this process could cause delays or have a negative impact on employee morale.
- Whitelist Management Risk: Maintaining a current whitelist may prove time-consuming, and the ability to automate the process of managing the whitelist, fully or partially, is a significant benefit of superior application whitelisting solutions.
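The whitelist lookup with a hash integrity check described under "How does Application Whitelisting work?", and the masquerading risk above, can be shown side by side. The following is an added example, not code from any VMware product; the file names, contents, and function names are hypothetical and constructed for illustration. It compares a name-and-size check with a SHA-256 content check against an imposter that matches the approved program in name and size.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Hash the file contents in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_allowlist(paths):
    """Record name -> (size, sha256) for each approved file."""
    return {os.path.basename(p): (os.path.getsize(p), sha256_file(p)) for p in paths}

def allowed_by_name_and_size(allowlist, path):
    """Weak check: trusts the file name and size only."""
    entry = allowlist.get(os.path.basename(path))
    return entry is not None and entry[0] == os.path.getsize(path)

def allowed_by_hash(allowlist, path):
    """Default-deny check: the name must be listed and the content hash must match."""
    entry = allowlist.get(os.path.basename(path))
    return entry is not None and hmac.compare_digest(entry[1], sha256_file(path))

def write_file(directory, name, content):
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(content)
    return path

def demo():
    """Constructed files: an approved program, a same-name/same-size imposter, an unlisted tool."""
    with tempfile.TemporaryDirectory() as root:
        good_dir, drop_dir = os.path.join(root, "approved"), os.path.join(root, "dropped")
        approved = write_file(good_dir, "reporting_tool.exe", b"constructed approved binary v1.0\n")
        imposter = write_file(drop_dir, "reporting_tool.exe", b"constructed imposter binary v1.0\n")
        unlisted = write_file(drop_dir, "new_tool.exe", b"constructed unlisted binary\n")
        allowlist = build_allowlist([approved])
        samples = [("approved", approved), ("imposter", imposter), ("unlisted", unlisted)]
        return {label: (allowed_by_name_and_size(allowlist, p), allowed_by_hash(allowlist, p))
                for label, p in samples}

if __name__ == "__main__":
    for label, (by_name_size, by_hash) in demo().items():
        print(f"{label}: name+size={by_name_size} hash={by_hash}")
```

The imposter passes the name-and-size check but fails the hash check, while the unlisted tool is denied by both because nothing is permitted unless it appears on the list.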