make a good business better

Blog Information Security

Print Divider Print Divider Branding
 

Leverage Application Whitelisting on Endpoints

12/29/2016

Share

Social Logo Social Logo Social Logo Social Logo

By Ty Tyra, guest blogger

LBMC Information Security is offering this seven-part series and the recommendations therein as guidance that can help fortify the defenses behind your border. These are designed to build additional layers of defense and remind IT leaders not to neglect the fundamentals. The series will be posted on a weekly basis and consists of the following topics:

Last week, we looked at the need to be able to “peer” into your environment to see what is happening in real time. This week, we examine the benefit of controlling which applications can run on an organization’s endpoints.

Leverage Application Whitelisting on Endpoints

Many attacks rely on some form of malware leveraged to provide unauthorized access to a system or information. Exploit kits, key loggers, and ransomware represent just a few tools of the trade used by malicious actors to compromise systems and capture sensitive data. Antivirus by itself is ineffective as a lone security control aimed at identifying and stopping malware. However, regulation of exactly which applications are allowed to run on a host greatly reduces the chance of malware being executed on an asset. Over time, some organizations have improved their application whitelisting capability to the point that they phased out their antivirus solutions, allowing them to increase their security posture while realizing a cost savings by discontinuing their antivirus service.

Deploying an application whitelisting solution on users’ endpoints (servers, workstations, desktops, etc.) allows organizations to define which software can run on those hosts while applying an implicit deny-all policy to everything else. This can effectively aid in breaking the cyber threat kill chain and reducing the chances that malware can be leveraged on a host. Sure, malicious actors might still be able to plant their malware on a host, but application whitelisting will issue an alert for such actions and can ensure that the chance of such an unapproved file executing is very low.

Learn more about how our team at LBMC Information Security can help your team armor up with a wide range of network defense services. Contact us today!