You know the saying “everything old is new again”? That’s exactly what comes to mind when I listen to some of the hype around whitelisting and the use of a ‘positive model’ for information security.
The Application Control vendors would have you believe that application whitelisting is the latest (and only) answer to the increasing ineffectiveness of antivirus signatures.
- Whitelisting isn’t new. We’ve used a “default deny” approach in firewall functionality for more than a decade. What’s relatively new is trying to extend whitelisting up the stack to control which applications are allowed to execute on an endpoint.
- Whitelisting is not a silver bullet. The fundamental issue with any whitelisting approach is “who builds and maintains the list?”. This is a significant and potentially culturally explosive issue on end-user desktops. That’s just one of many issues and considerations with the use of Application Control solutions that we have been advising clients on for years.
Don’t get me wrong. Whitelisting is foundational for comprehensive information security protection and will have an increasingly important role to play in your endpoint protection strategy. However, for the majority of endpoint systems, whitelisting alone is not enough and must be combined with blacklisting (yes, technologies like antivirus) and other protection styles to create an endpoint protection system.