Home Security
PC Matic
PC Matic VPN
More Products
Support Unlimited
Identity Theft Protection
PC Magnum
Threat Awareness
How PC Matic Protects You
SuperShield Whitelist
Compare PC Matic
Norton
McAfee
Avast
AVG
Business Protection
PC Matic Pro
PC Matic MSP
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
Compare PC Matic Pro
ThreatLocker
Airlock Digital
VMware Carbon Black
AppLocker
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
OEM Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
Tools & More
Ransomware Center
Internet Speed Test
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search

Application Whitelisting Included In NSA Best Practices

Application whitelisting is a must in today’s cyber security world…

When it comes to security software, far too often protection comes in a reactive approach.  In dealing with today’s cyber security threats, reactive approaches are not sufficient, considering remediation is not adequate against many cyber threats, such as ransomware.

This is where the industry needs to catch up.  Today’s security needs a proactive approach.  The answer to that is application whitelisting.  In 2015, PC Pitstop founder and CEO, Rob Cheng, was quoted in eSecurityPlanet regarding his thoughts on application whitelisting.  Since, the FBI has encouraged application whitelisting.  We are happy to hear the NSA has joined the belief that application whitelisting provides superior security for endpoint protection by striking a perfect balance between security, performance and manageability.

Blacklist or Whitelist?

Security software works either by using a whitelist or a blacklist approach.  Most security software products on the market use what is called a blacklist.  This is a list of all of the known malware.  The problem with this methodology is that malware is always morphing.  Once it is detected, the malware authors change a few pieces of code, making the malware no longer detectable to the traditional blacklist.  This is where the blacklist fails you.  If you were to click on a malicious attachment, your security software would scan it, and if the malware is not on the blacklist, then it is deemed safe.  The file opens, and boom, you’re infected.

Application whitelisting technology is a list of all of the good programs.  So, no matter how many times malware authors change their code, it will never be a safe program.  Taking the same example, you click on a malicious attachment, the security program scans it and realizes it is not on the whitelist.  The file will not open.  Instead, it is sent to be tested to determine if it is safe or malicious.  Assuming it is safe, it is added to the whitelist.  If it is malicious, it gets added to the blacklist, so other security software platforms will not allow it to open.

To ensure appropriate protection, a whitelisting agent should be used.

If you have any questions about the difference between the blacklist and whitelist approaches, please post below!

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles