Before we go any further, let’s ask another question: why would we need application whitelisting? Legacy controls such as Anti-Virus have become less effective at stopping the latest threats, and user permissions may not be locked down, meaning users can “run anything”. Companies also often build systems which must never be changed, or are very seldom updated, because of the types of business-critical information they must process; Anti-Virus may not even run on those systems.

Application Whitelisting forms part of the UK Government’s 10 Steps to Cyber Security. Traditional methods tend only to try to identify and stop the malicious stuff, which is essentially Blacklisting. Application Whitelisting works the other way round: it allows only trusted programs to run and denies everything else. Seems pretty simple, right?

Far from being the silver bullet to stop anything malicious running on your network, Application Whitelisting needs careful planning, along with the skills to implement and then maintain it. However, a well-executed application whitelisting policy will dramatically reduce the attack surface across which malicious software can proliferate. Reducing the number of system rebuilds after an infection will also save money. A simpler analogy might be “we stop anyone coming into the restaurant who isn’t on the maître d’s guest list.”