Application Whitelisting is a higher end method of showing zero trust to your machines operating system, data, users and environment. This is achieved by allowing only the applications that we permit to run on a device, meaning unwanted applications cannot be installed and even better, malicious code is unable to run, as well as non-work-related applications. It acts as another line of defence against viruses, malware, ransomware and more.
Some key benefits of adding Application Whitelisting:
- With Application Whitelisting in place, only the applications we allow to run are allowed to run. This not only prevents employees from using non-work related, non-productive applications, but also prevents accidental malicious code from running, acting as another line of defence in cybersecurity.
- Application Whitelisting also monitors your files and folders for access, deletion and unknown security changes. A popular incident being files accidentally moved or deleted, and wanting to know who committed the act. Application Whitelist auditing can tell us this information, if and when we need it.
- This is not related to the trust of an individual employee, but more the trust of the Windows operating system and the security of the applications you are running. The addition of non work related applications being restricted is a bonus feature, useful to many, especially with the trust of remote working.
- Breaches often develop when holes are discovered in operating systems and applications, and this usually resides in programs talking to each other to execute the code that will carry out some form of damage of the machine and its data. Application Whitelisting blocks this in its tracks.
- In more recent times we know this as usually being some form of Windows Powershell code, and to those who have no idea what this is, relate it to the modern day macro that we all know for decades has been something to be aware of. However, unlike a macro that just runs in Office, Powershell runs on the operating system itself. This has far more power to do damage to your machine, and needs to be stopped.
How does Application Whitelisting work?
There are various methods of adding application whitelisting onto your IT network. Some software packages are centrally managed on the network, but this can cause issues if policy changes are made and users are working remotely, therefore they do not see those updates, and new applications cannot be approved easily. We recommend using a cloud managed solution, where any policy changes are made online, and policies are then downloaded via the agent on the devices instantly.
How much does Application Whitelisting cost?
Each agent requires a license, which can cost between £2 and £4 per device, depending on the number of devices on the network.
Application control is now an essential part of your cybersecurity defence, and without this in place, you are leaving a significant gap in your IT solution. We will be introducing our solution to our clients in our next QBRs.