A good way of explaining application whitelisting, or app whitelisting, is that it is like antivirus turned on it’s head. Antivirus solutions have a signature based approach and work by having a database of known bad malware that will not be allowed to execute. Application whitelisting solutions work instead by having a database of trusted applications and deny execution of all other files, preventing bad as well as unknown programs from executing.
App whitelisting is designed to protect against unauthorised and malicious programs executing on a computer. It aims to ensure that only specifically selected programs and software libraries (DLLS) can be executed, while all others are prevented from executing. Good App Whitelisting solutions will allow you to capture your existing known good files in a baseline, audit your environment to make sure your whitelist is solid, enforce the whitelist but allow you to modify over time to suite dynamically changing environments. A well developed and structure App Whitelisting solution should significantly enhance your security without negatively impacting your operations. Solutions should also ensure they fit your workflow processes and can address specific controls within the regulatory or compliance regimes you need to follow.
The Australian Signals Directorate rates application whitelisting as the most effective security control in their Strategies to Mitigate Targeted Cyber intrusions. Read more about the ASD’s Top 4 here.
Products in our portfolio which address Application Whitelisting.
Airlock App Whitelisitng Airlock Digital (Application whitelisting)