Whitelisting is a technique to allow content or software to be able to run and deny or restrict anything else. Application whitelisting is a security method that determines what applications are trusted and allowed to run. This technique is often used hand-in-hand with application blacklisting where applications that are not trusted are prevented from running. Whitelisting requires software to determine if software is trusted and apply the appropriate action.
There are three major reasons to use application whitelisting:
- System stability
- Software compliance
Malware and hackers have become increasingly sophisticated often circumventing traditional security controls. Application whitelisting provides an additional protection by preventing untrusted applications from running and intruding into an organization. Sometimes users are unaware of potential malware that can enter through zero-day attacks, malicious attachments, internet downloads, or copying of files from USB or file sharing sites. Whitelisting can make sure that only trusted applications can run while everything else is denied or run with restrictions.
Whitelisting also improves system stability. Just because an application is not malware doesn’t mean it is good. Whitelisting prevents users from installing or running applications that are not approved according to company policy. Sometimes users think they need an application, but it creates stability issues that IT must address.
Likewise, users may install unlicensed software creating a liability for their business. Resulting audits by software vendors can result in costly fines. Whitelisting gives organizations a method to control what and how applications can run.
When used, whitelisting of applications can help organizations:
- Reduce malicious attacks
- Improve user productivity
- Enforce software license compliance