Application whitelisting is one of the ‘Essential Eight’ cyber security mitigation strategies established by the Australian Cyber Security Centre (ACSC). It is one of the most effective mitigation strategies in cyber security. The Essential Eight are a list of eight strategies and the ACSC recommends they be implemented to protect the digital assets of businesses.
Due to concerns by the Australian government over the cyber threats posed by malicious actors in the very near future, the Essential Eight will be mandatory for all 98 non-corporate Commonwealth Entities (NCCEs). This legislation will have ramifications for all Australian businesses. While it is not mandatory for other organisations, NCCEs will be audited to check compliance, and they may not be able to engage with businesses that don’t comply.
What is application whitelisting?
An application whitelist is a list of approved programs that an IT system considers safe to run or install. On a technical level, the application whitelist is managed on the operating system across IT infrastructure.
Application whitelisting software checks the list every time there is a request to install or execute an application. The list can include applications, software libraries, scripts and installers that are considered safe. Files that are not on the list are not permitted to run. Similarly, any unauthorised applications considered unsafe can be added to an application blacklist.
Is application whitelisting enough?
The pandemic has brought with it an increase in cyber security risk. Businesses can no longer afford to delay protecting their digital assets. They must work proactively, not reactively.
A cyber-attack in which customer or client personal information is compromised can severely hurt a business, and some never fully recover. An application whitelist must be used in conjunction with other mitigation strategies, which are detailed in the Essential Eight and include antivirus software scanning and other cyber security strategies.
Application whitelisting stops malicious code from running, but it doesn’t stop all of it. Some of it is too sophisticated and requires a different approach. In supply chain attacks for example, malicious code is deployed via third-party vendor software. This is done secretly by threat actors without the vendor knowing anything about it.
When an update, release, or security patch is deployed to their thousands and thousands of clients, the whitelist will allow it to run because it has been pre-approved as safe. To block supply chain attacks businesses must scrutinize the cyber security policies of third-party vendors before adding them to their whitelist.
For applications on the whitelist, security experts can monitor their installation and create checks to make sure they are installing as expected and that there is no suspicious behaviour.
Whitelisting is also helpful regarding its logging functionality, which can highlight any suspicious activity – if any files try to run that are not on the whitelist for example. This kind of logging can be useful in monitoring the health of an IT system.
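The check and the logging described above can be sketched as follows. This is an added example, not code from the original article or from any whitelisting product; it assumes files are identified by their SHA-256 hash (the article does not say how files are matched), and all paths, file contents and function names are constructed for illustration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

# Constructed sample data: byte strings stand in for real approved binaries.
APPROVED_FILES = {
    "C:/Program Files/Vendor/app.exe": b"vendor app v1.0",
    "C:/Tools/backup.ps1": b"Write-Output 'backup'",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Assumption: the allowlist stores content hashes, so a file only matches
# if its bytes are identical to what was approved, whatever its name.
ALLOWLIST = {sha256(content) for content in APPROVED_FILES.values()}

@dataclass
class Decision:
    path: str
    digest: str
    allowed: bool

def check_execution(path: str, content: bytes, audit_log: list) -> Decision:
    """Default-deny: allow only hashes on the list, and log every decision."""
    digest = sha256(content)
    decision = Decision(path, digest, digest in ALLOWLIST)
    audit_log.append(decision)
    return decision

def denied_summary(audit_log: list) -> Counter:
    """Count blocked attempts per path so repeated attempts stand out in review."""
    return Counter(d.path for d in audit_log if not d.allowed)

def run_demo():
    log = []
    requests = [  # constructed execution requests
        ("C:/Program Files/Vendor/app.exe", b"vendor app v1.0"),           # approved
        ("C:/Users/a/Downloads/invoice.exe", b"unknown binary"),           # never approved
        ("C:/Program Files/Vendor/app.exe", b"vendor app v1.0 modified"),  # approved path, altered content
        ("C:/Users/a/Downloads/invoice.exe", b"unknown binary"),           # repeated attempt
    ]
    for path, content in requests:
        check_execution(path, content, log)
    return log, denied_summary(log)

if __name__ == "__main__":
    log, summary = run_demo()
    for d in log:
        print("ALLOW" if d.allowed else "DENY ", d.path, d.digest[:12])
    print(summary.most_common())
```

With hash-based matching, every vendor update changes the hash and has to be approved again before it will run.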
Is application whitelisting really needed?
Malicious actors work actively to gain access to IT systems to make money or for other purposes. Each attack has its own goal and often the more sophisticated ones are planned out meticulously. Cyber criminals can do all sorts of damage when they attack. Application whitelisting is one way that businesses can stop malicious code from gaining access to systems.
Once malicious code, which is also called malware, gains access it might send itself to all email contacts on the company mailing list. This is called a phishing attack. The recipient believes the email is from a reputable source, so they are vulnerable to its request. They might provide personal information or click on malware attachments.
Another common cyber-attack is a ransomware attack. Malicious actors invade and then hold the digital assets of the company to ransom until a sum of money is paid. They threaten to share sensitive information on the internet. However, even when the money is paid, they may still share that information.
Application whitelisting is necessary because it creates another hurdle that cyber criminals need to jump over, acting as a further deterrent.
Security experts with vast experience across cyber security mitigation strategies are best placed to help create and manage an application whitelist. Contact the experts at Lindentech to find out more.