For many years, businesses and consumers have used anti-virus software to protect their computers from malware. As we see in the news every week, security breaches are now increasing in severity and regularity. With IT being integral to how businesses work, security is a top priority for all business stakeholders. While some businesses continue to use anti-virus software, whitelisting software is becoming more popular and provides a more effective method of security.
Whitelisting and blacklisting both prevent malware, but they do this in opposite ways.
Blacklisting software (or anti-virus software) works by comparing files against a list of known threats. If a file is on the list, then it won’t be allowed to execute.
Whitelisting software, in comparison, works by having a list of allowed files and applications. If a file that is not on this list tries to execute, it will not be allowed.
The difficulty with anti-virus software (or blacklisting) is that it can only protect against known threats. In 2014 alone, there were 317 million new pieces of malware according to a study by Symantec, which shows how fast threats are being created. Anti-virus software has to keep up and add these new threats to its lists, so if your business is attacked by a new threat that hasn’t been seen before, the software is powerless to stop it.
Additionally, this places a heavy load on your network (downloading new virus definition updates to every PC), and a heavy load on your PCs (as they scan every file executed against a long list of virus definitions to see if it matches).
The key to whitelisting is that you only have to manage a very short list, and anything that is not on it will not execute. This has a number of benefits from a security and management perspective:
Only trusted files and applications will execute, which means that any new threat will be automatically blocked – even if it has never been detected before.
Being able to define what programs can run across the business makes it much simpler to uphold and maintain your business’s IT policy and gives you better control over your IT. Users cannot download unauthorised programs, personal programs or even unlicensed software without gaining IT administration permission.
Whitelisting also reduces human error and accidental security issues: any malicious files that are mistakenly downloaded or clicked will not run. As well as giving IT administrators peace of mind, it also helps give users peace of mind. Most statistics cite human error as a large factor in security breaches – due to accident or lack of IT and security knowledge – and whitelisting reduces the worry and risk for general users.
With any piece of software there are items to consider. A few considerations for whitelisting software include:
Management and maintenance – Whitelisting requires some maintenance as the ‘whitelist’ must stay up to date. If your business starts using a new application, this must be added to the list so it can be allowed.
Blocking desired software – If the whitelist has not been maintained, then new applications, or those that have not been identified as safe, will not be allowed to run. While this could cause some annoyance for users who have to request access, it could be considered an advantage by ensuring users only run business-approved apps and do not try to download unauthorised software. As internal issues and user errors make up a large proportion of security issues, having this control over what staff can and cannot access or download will give that additional level of security and help enforce an effective IT policy.
Testing – With any solution, the best fit will vary from business to business due to different requirements and internal procedures. One final consideration around this is that whitelisting may not be an appropriate approach for those that carry out a lot of testing and need to access and test lots of new applications.
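The two approaches described above, compared on the same files, as an added example that is not part of the original article. It assumes files are identified by their SHA-256 hash (the article does not say how a product matches files), and every sample file and function name below is constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for executable files.
SAMPLES = {
    "approved_app": b"constructed: approved accounting app v1",
    "approved_app_update": b"constructed: approved accounting app v2",
    "known_malware": b"constructed: malware already in the definitions",
    "novel_malware": b"constructed: malware never seen before",
    "new_business_app": b"constructed: legitimate app not yet approved",
}

# Assumption: both lists are plain sets of SHA-256 hashes.
BLACKLIST = {sha256(SAMPLES["known_malware"])}  # known threats
WHITELIST = {sha256(SAMPLES["approved_app"])}   # approved files

def blacklist_allows(data: bytes, blacklist=BLACKLIST) -> bool:
    """Default-allow: the file runs unless it matches a known threat."""
    return sha256(data) not in blacklist

def whitelist_allows(data: bytes, whitelist=WHITELIST) -> bool:
    """Default-deny: the file runs only if it is on the approved list."""
    return sha256(data) in whitelist

def approve(data: bytes, whitelist) -> set:
    """Maintenance step: IT adds a file; returns an updated list."""
    return set(whitelist) | {sha256(data)}

def compare(samples=SAMPLES, blacklist=BLACKLIST, whitelist=WHITELIST):
    """Return {name: (runs under blacklist, runs under whitelist)}."""
    return {
        name: (blacklist_allows(d, blacklist), whitelist_allows(d, whitelist))
        for name, d in samples.items()
    }

if __name__ == "__main__":
    for name, (bl, wl) in compare().items():
        print(f"{name:20} blacklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
    # After IT approves the new app, the whitelist lets it run.
    updated = approve(SAMPLES["new_business_app"], WHITELIST)
    print(whitelist_allows(SAMPLES["new_business_app"], updated))
```

With hash matching, an updated version of an approved application has a different hash and stays blocked until it is approved again, which is the maintenance cost described above.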
Whitelisting is an effective element of security – but just having whitelisting software (or anti-virus) does not mean your business is ‘secure’. Whitelisting is only one aspect of security and should be used as part of a larger defence-in-depth approach in combination with a mixture of other elements, such as firewalls, intrusion protection or behavioural analytics.
There is no ‘one solution fits all’ for business IT and this includes security. If you want to discuss your business’s security, please contact us and we would be happy to work with you to find the best solutions available. We also regularly write about IT solutions and trends - you can stay updated by following us on Twitter.