Application whitelisting is often incorrectly regarded as a last-ditch security tool which is only
useful in closed systems. In fact, whitelisting policies afford a tremendous
degree of flexibility. Application whitelists can be generated automatically by
using established reference lists, or manually, by adding preferred programs to
an administrative panel. But many businesses forget that whitelisting can be an
equally powerful monitoring tool.

Instead of blocking programs that are not on the policy, whitelisting tools can be used to
monitor software whose file attributes or locations do not match
the parameters of the whitelist. Whitelist monitoring enables organizations to
gather valuable data on how and where certain programs are being run within a
network. In addition to revealing consumer applications being run
surreptitiously by employees, whitelist monitoring techniques can uncover both
malicious software and potential vulnerabilities.

Since most organizations -- especially larger companies -- will generally use the same suite of
applications again and again, anomalies uncovered by application monitoring can
be revealing. Vigilant monitoring can be one of the best lines of defense
against security concerns like advanced persistent threats, and applications
executing on single, isolated systems may be harbingers of a targeted threat
against an organization.
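
The monitoring approach described above, as an added example that is not part of the original article: an audit-mode pass over constructed process-start events that records, rather than blocks, anything off the whitelist and ranks single-host anomalies first. The digest placeholders, directories, host names and function names are all assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed policy (constructed): approved digests (placeholders) and install roots.
APPROVED_HASHES = {"aa11", "bb22"}
APPROVED_DIRS = [PureWindowsPath(r"C:\Program Files"),
                 PureWindowsPath(r"C:\Windows\System32")]

# Constructed process-start events: (host, image path, digest placeholder).
EVENTS = [
    ("ws01", r"C:\Program Files\Office\winword.exe", "aa11"),
    ("ws02", r"C:\Program Files\Office\winword.exe", "aa11"),
    ("ws03", r"C:\Program Files\Office\winword.exe", "aa11"),
    ("ws01", r"C:\Users\amy\AppData\Local\Chat\chat.exe", "cc33"),
    ("ws02", r"C:\Users\bob\AppData\Local\Chat\chat.exe", "cc33"),
    ("ws03", r"C:\Users\cy\AppData\Local\Chat\chat.exe", "cc33"),
    ("ws02", r"C:\Users\bob\Downloads\winword.exe", "aa11"),
    ("ws03", r"C:\ProgramData\upd\svc.exe", "dd44"),
]

def in_approved_dir(path):
    """True when the image sits under an approved root (case-insensitive)."""
    return any(root in PureWindowsPath(path).parents for root in APPROVED_DIRS)

def audit(events, rare_hosts=1):
    """Audit mode: nothing is blocked; every mismatch is recorded with its reason."""
    findings = defaultdict(lambda: {"reasons": set(), "hosts": set()})
    for host, path, digest in events:
        reasons = set()
        if digest not in APPROVED_HASHES:
            reasons.add("unapproved_hash")
        if not in_approved_dir(path):
            reasons.add("unapproved_location")
        if reasons:
            findings[digest]["reasons"] |= reasons
            findings[digest]["hosts"].add(host)
    report = []
    for digest, f in findings.items():
        # Software seen on very few hosts is the anomaly worth looking at first.
        priority = "investigate" if len(f["hosts"]) <= rare_hosts else "review"
        report.append((digest, sorted(f["reasons"]), sorted(f["hosts"]), priority))
    return sorted(report, key=lambda r: (len(r[2]), r[0]))

if __name__ == "__main__":
    for row in audit(EVENTS):
        print(row)
```

In this sample the chat client found on every workstation is ranked for policy review, while the binary seen on a single host and the approved program launched from a download folder are ranked for investigation.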

Application whitelisting can, therefore, be a valuable tool for both endpoint security and systems
intelligence. Organizations which use whitelisting as a monitoring tool can,
after all, always choose whether to deploy stricter application policies after
reviewing intelligence data. Considering the average cost of resolving a cyber
breach is nearly half a million dollars (see the 2012 Ponemon study),
organizations would do well to invest in reliable security methodologies.

And while most cyber crimes stem from malicious external parties, larger businesses must contend
with potential insider threats. Former and current employees often have
intimate knowledge of a company's IT system, and finding vulnerabilities in
systems security is much easier for someone with ongoing physical access to
that infrastructure.

Insider threats, while rare, often culminate in a great deal of damage because the hacker's attack
targets an especially vulnerable area of a system or network. In addition to
the damage caused by Trojan horses and worms, malicious insiders could also
re-route money, corrupt valuable data, or alter client information.

While anti-virus programs, firewalls, and data archival techniques are good defenses against
insider threats, application whitelisting offers a more complete defense.
Whitelisting uses a strict default-deny policy against any program not on a
pre-defined list.

Unlike traditional blacklisting techniques, which must maintain and update expansive lists of
prohibited files, a whitelisted environment allows only trusted programs to
run. Application whitelisting has the additional benefit of being extremely
cost effective, and doesn't share many of the costs associated with blacklisting
updates and maintenance. The result is a more secure, "closed" system
which malicious insiders will find more difficult to thwart. Application
whitelisting is even more effective with privilege management software, which
regulates administrative settings to prevent programs or malicious users from
changing important system settings.

The risks associated with insider threats will become more relevant as cloud-based computing grows
increasingly popular among office applications. Because attacks on cloud-based
databases have the potential to affect users across multiple networks and
platforms, internet security professionals who have for years relied on
traditional blacklisting techniques will no doubt seek out whitelisting
alternatives to combat insider threats.

Learn more about application whitelisting and how you can prevent insider threats at http://www.arellia.com

Article Source: http://EzineArticles.com/?expert=Caleb_S.
Article Source: http://EzineArticles.com/7981584