Whitelisting is Effective, but Automating is a Must…
With cyber security threats growing, businesses must take a proactive approach to their data and device security. According to SC Magazine, there is one methodology that has been proven to be effective in blocking modern cyber threats, including ransomware.
“According to numerous resources on ransomware, one strong and effective technique for dealing with end-user equipment is to implement application whitelisting.”
However, the use of whitelisting isn’t always efficient. Philip Moya, IT director at the San Antonio Gastroenterology Associates, tested the implementation process of an unnamed whitelisting solution. After conducting his study, he reported,
“…without helpful automation, the amount of time and effort involved in whitelisting makes it impractical and infeasible.”
For those considering the use of whitelisting, this feedback is incredibly valuable. Users must understand how whitelist solutions may, or may not, automate the process of whitelisting. Without proper automation, the IT admin could face a significant increase in workload and a decrease in office productivity.
What Does PC Matic Automate?
PC Matic focuses on automating the process of whitelisting new, good applications that are unknown. Good software applications are constantly being created or updated and released to be installed by consumers all over the globe. This presents challenges for IT Admins that must stay on top of the applications their employees need to utilize. Instead of leaving this work to the IT Admin, PC Matic automates the process and tackles 99% of the work with Global Whitelisting.
How Does PC Matic Automate the Whitelisting Process?
When a PC Matic user attempts to run an unknown application, it’s immediately blocked from executing. However, the chain of events doesn’t stop there for the PC Matic team. In fact, it’s just beginning. Following the block, if this is the first time any of their customers have run this file, information about the file including the file itself is uploaded to PC Matic servers behind the scenes. This requires no action by the user or IT Admin.
Next, that application enters several stages of confidential analysis by the PC Matic malware research team and their automated protocols. If the application is deemed good, it will be added to the global whitelist for all PC Matic users to run immediately. If the application is bad it will be quarantined and removed from endpoints in the future.
This whitelisting process also applies to another aspect of an application: digital signatures. Digitally Signed software follows best practice recommendations by most experts and Microsoft themselves. It also ensures that software is coming from that publisher and hasn’t been tampered with or altered along the way. PC Matic’s research team maintains an expansive list of trusted software publishers allowing any software they have digitally signed with a valid signature to run without ever being blocked or going through a categorization process. This process helps to reduce the need to individually whitelist every single good application in existence.
How does that differ from normal whitelist solutions?
Traditional whitelist solutions offer the same default-deny security approach that PC Matic does, however they require the admin to take on all of the work. All applications must be approved to run in the environment. This can often entail weeks worth of work over the learning process to begin installs. Following a full deployment, the work doesn’t end. Now, each new unknown application that wasn’t in the original whitelist needs to be vetted by the IT Admin and a determination must be made whether it should be whitelisted or not.
Several newer whitelisting solutions have added ways to make whitelisting slightly easier. This often includes starting with a known clean golden image to build the whitelist and then creating all other computers from that image. This could work great for a new environment but not an existing one. There are also ways to whitelist by directory or folder on the machine. This is not, however, the best option, as it may open up security holes allowing anything that executes out of that directory to be trusted.
Finding the Right Solution
There is no doubt, whitelisting is the most effective means to block modern cyber threats. However, from a business perspective, a security solution cannot just be effective, it must also be efficient. Running a program that interferes with daily tasks, decreases productivity, or creates more work for the admin is not feasible.
Until recently, application whitelisting was known as an effective, but inefficient solution to data and device security. Now, there is a whitelist option available that is not only effective but properly protects network devices and data without impacting the functionality and efficiency of business operations.
