The concept of application whitelisting (AWL) is straightforward: you have a finite list of trusted applications, and only those are allowed to run.
As a security technology it has enjoyed wider market adoption in recent times. It is capturing the enterprise server and desktop market in a big way. Traditional security technologies are not able to combat today’s breed of threats, such as advanced persistent threats (APTs) and botnets, and there is universal acknowledgement that AWL can provide thorough security. But the usual reservation is that end-user productivity should not be compromised by a stringent security system.
Many CISOs would gladly embrace AWL as the security standard if it:
1. Provides the highest level of security
2. Reduces IT’s administrative burden
3. Does not lower end-user productivity
There are several AWL vendors in the market today, and they cover requirement 1 in varying degrees. The new entrants in this space provide partial whitelisting (just a list of exes), but whitelisting is thorough only when the entire system stack is whitelisted, i.e. drivers, scripts, libraries, exes and browser components.
Furthermore, only mature vendors cover requirements 2 and 3, providing security with flexibility, and win the CISO’s signoff.
McAfee covers them by using its multi-faceted trust model. New “good” applications are allowed even though they don’t feature in the whitelist, because they satisfy the trust criteria.
But AWL technologies still need to evolve. No vendor has created an ideal trust model, because there will always be “good” apps that are neither in the whitelist nor able to satisfy the trust criteria.
McAfee is in a unique position to evolve in that direction: it can combine whitelisting, blacklisting and its Global Threat Intelligence to identify and keep away both the known-bad and the unknown-bad, yet allow the unknown-good. Once that happens, AWL technology will become a security solution not just for enterprises but also in the consumer world.
