The US National Institute of Standards and Technology (NIST) has published a guide to application whitelisting, aimed at helping organisations deploy this important defensive security technology.
Application whitelisting is highly rated for its ability to drastically reduce attack surfaces and to help identify and block unknown bad activity. Skip spies say that, when done correctly, application whitelisting is an “incredibly effective” way to ensure defence, stability and consistency, but it is often not utilised in organisations since it offers only an impression of security.
The authors of the guide suggest that risk assessments should be the first order of business, since application whitelisting can be a pain for functionality.
“If design decisions are incorrect, then the application whitelisting implementation will be more susceptible to compromise and failure. An application whitelisting technology might be considered unsuitable if, for instance, it had to be disabled in order to install security updates for the operating system or particular applications,” the authors said.
The most accurate and understandable application whitelisting capability is commonly provided by a combination of digital signature/publisher and cryptographic hash techniques; however, usability and maintainability requirements can place burdens on an organisation.
NIST adds that rollouts should be phased, using clear processes, to help reduce drawbacks.
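The trade-off between hash rules and publisher rules mentioned above can be seen in a small policy evaluator. This is an added example, not code from the NIST guide or from any whitelisting product; the class names, file paths and publisher name are hypothetical, the sample binaries are constructed byte strings, and the `verified_publisher` field is assumed to be set only after the platform has validated the file's digital signature.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Executable:
    path: str
    content: bytes
    # Assumption: set only after the signature was verified; None = unsigned.
    verified_publisher: Optional[str] = None

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Allowlist:
    """Default-deny policy: a file runs only if a hash or publisher rule matches."""
    def __init__(self, hashes, publishers):
        self.hashes = set(hashes)
        self.publishers = set(publishers)

    def decide(self, exe: Executable):
        """Return (allowed, reason); the exact-hash rule is checked first."""
        if sha256_hex(exe.content) in self.hashes:
            return True, "hash"
        if exe.verified_publisher is not None and exe.verified_publisher in self.publishers:
            return True, "publisher"
        return False, "no matching rule"

# Constructed sample files (byte strings stand in for real binaries).
EDITOR_V1 = Executable("/opt/editor/editor", b"editor build 1.0", "Example Software Ltd")
EDITOR_V2 = Executable("/opt/editor/editor", b"editor build 1.1 (patched)", "Example Software Ltd")
IN_HOUSE = Executable("/opt/tools/report", b"in-house report tool")   # unsigned
UNKNOWN = Executable("/tmp/dropped", b"unrecognised binary")          # unsigned

# Hash-only policy: precise, but every update needs a new rule.
HASH_ONLY = Allowlist([sha256_hex(EDITOR_V1.content), sha256_hex(IN_HOUSE.content)], [])
# Combined policy: publisher rule for signed vendor software,
# hash rule for the unsigned in-house tool.
COMBINED = Allowlist([sha256_hex(IN_HOUSE.content)], ["Example Software Ltd"])

if __name__ == "__main__":
    for name, policy in (("hash-only", HASH_ONLY), ("combined", COMBINED)):
        for exe in (EDITOR_V1, EDITOR_V2, IN_HOUSE, UNKNOWN):
            allowed, reason = policy.decide(exe)
            print(f"{name:9} {exe.path:20} {'ALLOW' if allowed else 'BLOCK'} ({reason})")
```

Under the hash-only policy the patched editor is blocked until its new hash is added, which is the maintainability burden; the publisher rule survives the update but trusts everything that publisher has signed, which is why the two techniques are combined.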