Application Whitelisting – Past, Present & Future

The concept of application whitelisting (AWL) is very fundamental – You have a finite list of trusted applications and only those are allowed to run.
Going down memory lane… This was productized by a few vendors post-Y2K, and was an ideal fit in the fixed function device market – ATMs, medical devices, manufacturing systems, point of sale devices, kiosks, etc.
However, as a security technology it has enjoyed a wider market adoption in recent times. It is capturing the enterprise server and desktop market in a big way. Traditional security technologies are not able to combat today’s breed of threats like advanced persistent threats (APTs) & botnets, and there is universal acknowledgement that AWL can provide thorough security. But the usual inhibition is – end user productivity should not be compromised by a stringent security system. New “good” applications should be allowed even if they are not part of the whitelist.
A CISO would gladly embrace AWL as the security standard if it:

Provides highest-level of security
Reduces IT’s administrative burden
Does not lower end user productivity

There are several AWL vendors in the market today, and they cover requirement #1 in varying degrees. The new entrants in this space provide partial whitelisting (just a list of exes), but thorough whitelisting is only when the entire system stack is whitelisted – i.e. drivers, scripts, libraries, exes and browser components.
Furthermore, (continue reading...)