This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
SANS Institute breaks down application whitelisting, including use cases and considerations.
Blacklisting undesirable applications still has its uses. However, with today's more dynamic computing environments, rapidly evolving threat landscape, and rigorous compliance mandates, blacklisting has reached its limits. Its heavy signature requirements make it unwieldy, the need for systems to regularly call home for signature updates make it inconvenient. Not to mention, it's also reactive: Blacklisting requires having advanced knowledge of the application (signature) and an unbeatable sensory method for reading signs of malicious activity.
Because of these inconveniences, application whitelisting (allowing only approved applications to run and blocking all others) is making its way into IT organizations to achieve compliance and protect systems from malicious applications executing on them.
This white paper defines why application whitelisting is important, differentiates the two approaches to application control (whitelist vs. blacklist), and discusses where the adoption of application whitelisting is most applicable. It discusses the applicability of application whitelisting on dedicated systems and in enterprise cases, while examining compliance implications and offering best practices.
Written by: SANS Institute
Sponsored by: McAfee
Offered Free by: McAfee See All Resources from: McAfee