You know the saying “everything old is new again”? That’s exactly what comes to mind when I listen to some of the hype around whitelisting and the use of a ‘positive model’ for information security.
The Application Control vendors would have you believe that application whitelisting is the latest (and only) answer to the increasing ineffectiveness of antivirus signatures.
- Whitelisting isn’t new. We’ve used a “default deny” approach in firewall functionality for more than a decade. What’s relatively new is trying to extend whitelisting up the stack to control which applications are allowed to execute on an endpoint.
- Whitelisting is not a silver bullet. The fundamental issue with any whitelisting approach is “who builds and maintains the list?”. This is a significant and potentially culturally explosive issue on end-user desktops. That’s just one of many issues and considerations with the use of Application Control solutions that we have been advising clients on for years.
Don’t get me wrong. Whitelisting is foundational for comprehensive information security protection and will have an increasingly important role to play in your endpoint protection strategy. However, for the majority of endpoint systems, whitelisting alone is not enough and must be combined with blacklisting (yes, technologies like antivirus) and other protection styles to create an endpoint protection system.