Application Whitelisting and Blacklisting
Application whitelisting software can provide advanced protection for Windows systems. Malicious software is more complex and challenging than ever. With advanced persistent threats such as Flame, Stuxnet, and Aurora, traditional malware protections are being circumvented. Arellia Application Control Solution works by:
- Allowing trusted software to run
- Allowing potentially trusted software to run securely
- Blocking untrusted software
Why Application Whitelisting?
Advanced threats use many methods to infiltrate an organization including zero-day vulnerabilities. According to research by Symantec, the average time for detection of zero-day vulnerabilities is 300 days. Zero-day attacks are used against specific targets making them difficult to detect.
In 2011, the average cost to resolve a cyber-attack was over $500,000 according to the Ponemon Institute’s 2012 Cost of Cybercrime Study. 78% of costs come from malicious code, denial of service, stolen or hijacked devices, and malicious insiders.
With ever growing costs and more complex attacks, application whitelisting provides an advanced layer of protection.
How Arellia Helps
Arellia’s approach to application whitelisting involves different layers of trust and application enforcement actions. Whitelisting allows trusted applications to run unmodified. Orangelisting, also known as graylisting, targets potentially trusted applications allowing them to run in a protected mode. Blacklisting denies all untrusted applications.
- Whitelisting Options
- Application File Attributes
- Digital Certificates
- File Hash
- File Ownership
- Reference Systems
- Signed Security Catalogs
- Software Packages
- Orangelisting Actions
- Limit File Access
- Reduced Process Rights
- Virtualized Execution
- Blacklisting Options
- Application Attributes
- File Hash
- Untrusted Applications
Gartner states: “By putting endpoints into a default deny posture against unknown software, organizations may reduce risk, lower support costs, increase visibility, and improve compliance.”
With Arellia’s application whitelisting, Windows systems are put into a default deny posture reducing the risk of infection, lowering support costs with a more stable environment. Increased visibility occurs with application inventory.