Application Whitelisting

What is Application Whitelisting?

Application whitelisting is the practice of defining the approved software that may be installed and run within an organisation’s environment. It is a key component of an organisation’s Defense in Depth posture (and forms part of Secure-ISS’s advanced posture), providing a level of protection against the execution of malicious software. By denying execution to any application that is not on the approved list, a business essentially stops unapproved applications (and in turn malicious applications) from running.

Application whitelisting forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. The risks associated with significant file-based threats are greatly reduced by implementing these solutions.

What methods are used to implement Application Whitelisting?

There are a number of methods used to specify application whitelisting rules, including:

  • Cryptographic hashes;
  • Publisher certificates (combining both publisher names and product names);
  • Absolute paths;
  • Parent folders; and
  • (Machine) base/golden images.

Each method has its benefits and management overheads. Organisations need to select a method based on their current maturity and the proposed application whitelisting toolset (not all toolsets support all whitelisting mechanisms). A number of vendors provide application whitelisting functions in stand-alone products. Further, a number of traditional anti-virus vendors provide these features within their products.
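The trade-off between three of the rule types listed above (cryptographic hash, absolute path, parent folder), as an added example that is not Secure-ISS's or any vendor's code: a minimal rule evaluator in Python run over a constructed temporary directory. The file names, file contents and the `sha256_of`, `evaluate` and `demo` functions are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def evaluate(path, rules):
    """Return the rule types that allow `path` to run (empty list = denied)."""
    path = Path(path).resolve()
    matched = []
    if sha256_of(path) in rules["hashes"]:
        matched.append("hash")      # content matches an approved digest
    if path in rules["paths"]:
        matched.append("path")      # exact approved location, content not checked
    if any(folder in path.parents for folder in rules["folders"]):
        matched.append("folder")    # anywhere under an approved directory
    return matched

def demo():
    """Run the evaluator over a constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        apps = root / "apps"
        apps.mkdir()
        tool = apps / "tool.bin"
        tool.write_bytes(b"approved build 1.0")      # constructed sample content
        rules = {"hashes": {sha256_of(tool)}, "paths": {tool}, "folders": {apps}}
        results = {"original": evaluate(tool, rules)}
        # A vendor update changes the bytes, so the hash rule needs re-approval.
        tool.write_bytes(b"approved build 1.1")
        results["updated"] = evaluate(tool, rules)
        # The approved 1.0 build copied elsewhere: only the hash rule follows it.
        copy = root / "tool_copy.bin"
        copy.write_bytes(b"approved build 1.0")
        results["relocated"] = evaluate(copy, rules)
        # A file that was never reviewed, outside any approved location.
        other = root / "unknown.bin"
        other.write_bytes(b"never reviewed")
        results["unknown"] = evaluate(other, rules)
        return results

if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case:10} -> {matched or 'DENY'}")
```

Hash rules track content and need re-approval after every update, while path and folder rules survive updates but rely on file-system permissions to keep the approved locations trustworthy.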

Organisations also need to understand that there is a management component to ensuring a successful, ongoing outcome and continued protection for the organisation. Embarking on an application whitelisting delivery isn’t a set-and-forget style project. There are significant organisational changes that need to be understood and agreed to, to ensure a successful outcome.

Implementing Application Whitelisting

In a practical sense, application whitelisting is sometimes difficult for an organisation to deliver, and toolsets have been developed to help organisations achieve these outcomes.

Secure-ISS assists organisations with the often daunting task of implementing application whitelisting. Our approach includes a number of steps to ensure a successful outcome for an organisation:

  1. Audit the current environment, including identification of the currently installed software;
  2. Review the business and departmental application requirements across the organisation to deliver business functions;
  3. Determine which method is to be used throughout the organisation to deliver application whitelisting;
  4. Set up the application whitelisting and apply it to a pilot group of users;
  5. Implement a change management and application approval process around the addition of applications and the review of existing applications (this process often needs to be able to include out-of-band changes to ensure an organisation’s flexibility can be maintained);
  6. Complete the larger roll-out of the application whitelisting function to the organisation.

Free Tools

A number of vendors, including Kaspersky, provide free tools to help organisations evaluate applications. If you are not sure of an application’s trustworthiness, you can check its reputation with such a tool by providing a filename or hash, or by uploading the file.

Kaspersky’s capability

Kaspersky has built capabilities into its software to ensure that application whitelisting is effective, and also to ensure that software on the approved list doesn’t get exploited (if not patched in a timely manner).

To combat this, Kaspersky Lab researchers have developed a system known as the “Security Corridor.” The Security Corridor supplements dynamic whitelist technology by making sure that approved software and applications perform only the actions that they are supposed to perform.

Other Options

Other options that provide similar protection measures include Application Control and Least Privilege type tools.

Privileged Access Management is part of our 'Cyber Security' solution.
