Airlock Blog

CERT NZ Continues to Recognize Application Allowlisting

Written by David Cottingham | 1 February 2024

CERT NZ Continues to Recognize Application Allowlisting as a Critical Endpoint Security Control

To ensure the continued cybersecurity resilience of organizations across New Zealand, the Computer Emergency Response Team of New Zealand (CERT NZ) recognizes application control (allowlisting) in their Critical Controls framework. This long-term recognition by CERT NZ shows that application allowlisting remains a critical strategy to increase security and reduce risk within all computing environments. This blog explores the significant enhancement that allowlisting brings to organizations. We draw insights from CERT NZ's official documentation on Application Allowlisting and the specific steps outlined in their guide on enabling application control.

Understanding Application Allowlisting

Allowlisting (formerly known by CERT NZ as application whitelisting) is recognized as a critical strategy to proactively reduce the risk of ransomware and cyberthreats such as Living Off The Land (LOTL) attacks. Unlike traditional signature-based detection methods that identify and block known threats, allowlisting permits only pre-approved applications to run on systems. This proactive approach significantly reduces the attack surface, mitigating risks associated with emerging threats.

Key Insights from CERT NZ's Application Allowlisting Guidance

CERT NZ provides valuable guidance on Application Allowlisting, offering cybersecurity professionals a roadmap to implement and leverage this powerful defense mechanism effectively. Here are key insights from CERT NZ's documentation:

Understanding Your Environment: Before implementing allowlisting, organizations are encouraged to comprehensively understand their digital environment. This involves identifying critical systems, applications, and dependencies to establish a solid foundation.

Defining Allowlisting Policies: Collaborate with the relevant people within your organization to define and document allowlisting policies. Determine which applications are essential for business operations and establish clear criteria for evaluating and updating these policies over time.

Selecting an Appropriate Solution: CERT NZ recommends carefully selecting an allowlisting solution that aligns with organizational needs. The guide provides insights into evaluating different tools based on factors such as ease of management, scalability, and compatibility with existing cybersecurity infrastructure.

Implementation and Testing: Begin the implementation of allowlisting policies in a controlled manner. The documentation emphasizes starting with a pilot deployment to identify potential issues and fine-tune policies before full-scale implementation.
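The default-deny model and the pilot phase described above can be illustrated with a short sketch. This is an added example, not code from CERT NZ's guidance or from Airlock; the hash-based policy, the audit/enforce modes, the file names and the events are all constructed assumptions.

```python
import hashlib
from collections import Counter

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: byte strings stand in for real executable contents.
ALLOWLIST = {sha256(b"office-build-1"), sha256(b"browser-build-7")}
KNOWN_BAD_SIGNATURES = {sha256(b"old-ransomware-sample")}

def signature_verdict(content: bytes) -> str:
    """Signature model: everything runs unless it matches a known threat."""
    return "block" if sha256(content) in KNOWN_BAD_SIGNATURES else "allow"

def allowlist_verdict(content: bytes, mode: str = "enforce") -> str:
    """Allowlist model: default deny. In audit mode (pilot), nothing is
    blocked; the would-be block is recorded so the policy can be tuned."""
    if sha256(content) in ALLOWLIST:
        return "allow"
    return "block" if mode == "enforce" else "audit-would-block"

# Constructed execution events from a pilot group: (host, path, content).
EVENTS = [
    ("pc-01", r"C:\Program Files\Office\winword.exe", b"office-build-1"),
    ("pc-02", r"C:\Users\a\Downloads\invoice.exe", b"never-seen-before"),
    ("pc-03", r"C:\Tools\payroll-helper.exe", b"inhouse-tool-v2"),
    ("pc-04", r"C:\Tools\payroll-helper.exe", b"inhouse-tool-v2"),
    ("pc-01", r"C:\Users\b\AppData\old.exe", b"old-ransomware-sample"),
]

def pilot_report(events):
    """Paths that enforcement would have blocked, most frequent first.
    Frequent entries are candidates for review: either a legitimate tool
    missing from the policy or something that should stay blocked."""
    hits = Counter(
        path for _, path, content in events
        if allowlist_verdict(content, mode="audit") != "allow"
    )
    return hits.most_common()

if __name__ == "__main__":
    for path, count in pilot_report(EVENTS):
        print(f"{count:>2}  {path}")
```

The unknown `invoice.exe` passes the signature check because no signature exists for it, while the allowlist denies it by default; the in-house payroll tool shows the kind of gap a pilot deployment surfaces before enforcement is switched on.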

Enable Application Control | A Step-by-Step Guide

CERT NZ's guide to "Enable Application Control" goes further into the practical steps required to successfully implement application allowlisting within the Critical Controls framework. Here are the key steps highlighted in the guide:

Monitoring and Review: Continuous monitoring is crucial for success. Regularly review and update allowlisting policies based on changes in the digital landscape and emerging cybersecurity threats. Leverage logging and reporting features for informed decision-making.

Integration with Incident Response: Integrate application allowlisting into the organization's incident response plan. Establish procedures to address and investigate any incidents related to application control violations for a swift and effective response.

Leveraging CERT NZ's Expertise

CERT NZ encourages IT specialists to leverage their Application Allowlisting and Enable Application Control guidance for a comprehensive understanding of these critical cybersecurity measures. Detailed information and step-by-step instructions can be found on CERT NZ's official pages: Application Allowlisting and Enable Application Control.

By embracing allowlisting within the Critical Controls framework and following CERT NZ's expert guidance, cybersecurity professionals can fortify New Zealand's digital landscape against evolving cyber threats. For personalized assistance and to stay updated on the latest cybersecurity best practices, organizations are encouraged to reach out to CERT NZ. Let's build a more secure and resilient digital future for New Zealand.

 
