Businesses, governments and the people who work for them are being targeted in increasing numbers by hostile actors using sophisticated tools and techniques including ransomware and spyware.
This environment makes cyber security a key priority for businesses and government organisations. A security posture that manages risk without compromising operations and innovation can pave the way for businesses and organisations to navigate this dynamic threat environment without disruption.
Application allowlisting (formerly application whitelisting) is integral to achieving an effective security posture.
What is allowlisting?
So what is allowlisting and what does it do? Put simply, allowlisting allows only processes, files and applications approved by a business or organization to run in its environment, with all other processes, files and applications blocked.
This reduces the risk of malicious code executing in that environment.
Allowlisting is increasingly recognized as a critical element of an effective cyber security architecture by bodies such as the Australian Signals Directorate, the United States National Institute of Standards and Technology, and the United States Department of Defense.
Supporting the practical way organizations operate
So what constitutes an effective allowlisting solution? At Airlock Digital, we believe allowlisting software should, above all, support the practical ways organizations operate, rather than a utopian security ideal in which almost nothing is allowed and no exceptions are made.
The solution should be configurable to allow customers to make determinations on applications and files based on their own definitions of trust. This provides a higher level of security than if a vendor were to make decisions on behalf of customers, because attackers do not know what a given customer's definition of trust is. They cannot determine how to penetrate a customer's environment simply by obtaining a copy of a product and testing malware against it.
Functionally, an allowlisting solution should:
Providing time-limited exceptions
An effective allowlisting solution should enable administrators to provide time-limited exemptions for non-allowlisted applications and files requested by users. Imposing a time-limited exemption, after which an endpoint reverts to its previously allowlisted state, ensures administrators do not leave endpoints in exemption states longer than necessary.
This avoids ‘exemption sprawl’ whereby large numbers of endpoints operate in an exempt state, potentially compromising a business or organization’s security posture.
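The following sketch models a default-deny decision with time-limited exemptions that lapse on their own. It is an added example, not Airlock Digital's code or API; the SHA-256 trust rule, the four-hour ceiling and all names are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

MAX_EXEMPTION = timedelta(hours=4)  # assumed ceiling, chosen for this example

def sha256(data):
    return hashlib.sha256(data).hexdigest()

class AllowlistPolicy:
    """Default-deny execution policy with expiring per-endpoint exemptions."""

    def __init__(self, trusted_hashes):
        self.trusted = set(trusted_hashes)  # the organization's own trust list
        self.exemptions = {}                # endpoint name -> expiry time (UTC)

    def grant_exemption(self, endpoint, duration, now):
        # No open-ended exemptions: requests above the ceiling are capped.
        self.exemptions[endpoint] = now + min(duration, MAX_EXEMPTION)
        return self.exemptions[endpoint]

    def _is_exempt(self, endpoint, now):
        expiry = self.exemptions.get(endpoint)
        if expiry is not None and now >= expiry:
            del self.exemptions[endpoint]   # lapsed: endpoint reverts to enforcement
            expiry = None
        return expiry is not None

    def decide(self, endpoint, file_bytes, now):
        if sha256(file_bytes) in self.trusted:
            return "allow"
        if self._is_exempt(endpoint, now):
            return "allow-exempt"           # permitted; the caller should record it
        return "block"                      # everything else is denied

    def exempt_endpoints(self, now):
        # Audit view: which endpoints are outside enforcement right now?
        return sorted(e for e in list(self.exemptions) if self._is_exempt(e, now))

# Constructed sample data: file contents, endpoint name and clock are made up.
APPROVED, UNKNOWN = b"approved-tool-v1", b"unreviewed-installer"
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)

def demo():
    policy = AllowlistPolicy({sha256(APPROVED)})
    before = policy.decide("ws-01", UNKNOWN, T0)
    policy.grant_exemption("ws-01", timedelta(days=7), T0)  # capped to 4 hours
    during = policy.decide("ws-01", UNKNOWN, T0 + timedelta(hours=1))
    after = policy.decide("ws-01", UNKNOWN, T0 + timedelta(hours=5))
    return before, during, after, policy.exempt_endpoints(T0 + timedelta(hours=5))
```

Because the expiry is checked at decision time, the endpoint returns to enforcement even if nobody remembers to revoke the exemption, and the audit view gives a count of exempt endpoints to watch for sprawl.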
Building security tools for non-security people
Further, allowlisting should be about providing security tools to non-security people. The reality is that a large number of organisations do not have dedicated security team members to manage deployments, but still need to manage risk in today’s increasingly complex threat environment.
The answer is an allowlisting solution that is accessible and easy to use for key people within the technology function, such as system administrators, who typically know what is running in an environment and can manage allowlisting at scale.
With the right allowlisting solution in place, businesses and government organizations can position themselves to seize the opportunities of the digital era while minimizing the risk presented by increasingly sophisticated threats.