Traditional network protections have focused on stopping threats that are already known. Legacy antivirus programs keep a signature database of identified malware and match incoming file attachments against it.
Legacy firewalls work in a similar way: threats are cataloged in a database, and when an unknown application is spotted, it is matched against that threat database.
This network security approach worked well enough until zero-day attacks proliferated. These are attacks that use malware, exploits, and malicious code that are brand new and therefore have not yet been seen or cataloged in any database.
Zero-day threats have been growing. 2021 broke the record for the number of spotted zero-day incidents, with counts nearly double the total seen in 2020.
The danger of these malware attacks is that older, database-driven systems can’t identify them because they are so new. The threat hasn’t been seen yet, so the system doesn’t know to block it.
The Adoption of a Zero-Trust Security Model
Because of the difficulty of defending against zero-day attacks, a new security model called zero-trust began to take hold. It is now widely used as the standard because it is designed to block malware even if that malware has never been seen or cataloged before.
The principle behind zero-trust is to continually monitor for any threats and not trust any users or applications simply because they’ve made it into the network.
In 2021, 72% of surveyed organizations stated they had plans to adopt zero-trust in the future or have already adopted this model.
Here’s an example of the old way of blocking malicious applications from executing in a network versus the zero-trust way:
- Old way: Match threats against a list of known malicious applications to identify and block them
- Zero-trust: Create a list of approved applications and block all others by default
One of the tactics used in implementing a zero-trust cybersecurity strategy is application whitelisting.
What Is Application Whitelisting?
Application whitelisting (also known as safelisting) involves registering every file and application that is allowed to run on your systems, together with its digital signature, in an approved-application catalog. The network firewall then checks this approved list before allowing an application or piece of code to execute.
Whitelisting is an effective means of blocking zero-day threats because the system doesn’t need to know what those threats are. It only needs to know which applications are trusted, and it blocks everything else by default.
This is why the rise in zero-day threats is less of a problem: the system never needs to identify a threat in order to block it. Anything not on the approved whitelist is kept out of your systems.
Application Whitelisting Best Practices
Setting up application whitelisting is an excellent step toward transitioning your IT security to a zero-trust model. Here are several best practices to use as this is set up.
Scan Your Network to Identify Components to Add
A good way to begin your list of approved applications is to do a network scan. This will help you identify components that need to be added to your whitelist.
Next, talk to employees to find out which applications they use, especially those used only occasionally or at certain times of the year, since these may have been missed in the initial scan.
Categorize Applications Into Essential and Non-Essential
One of the best practices when setting up your application whitelist is to separate your essential applications from those that are non-essential. By placing them in distinct categories, you can apply slightly different security and prioritization policies to each.
Update Your Whitelist on a Schedule
Application whitelists become a barrier to the organization if they are not kept up to date, because they begin blocking legitimate programs that employees need.
Any new application being used needs to be added. Additionally, the list should be reviewed regularly to remove older programs that are no longer used, which keeps performance optimized.
Updated versions of applications may also need to be re-registered in the whitelist. It’s best to set a calendar reminder to do this regularly (for example, each month) to keep your whitelist effective.
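The following Python script is an added example that is not part of the original article or of GEEK911’s tooling. It shows the default-deny logic behind application whitelisting as described above, plus the maintenance points from the best practices: entries are tagged essential or non-essential, an updated build of an approved application is blocked until it is re-registered, and every denied execution lands in a review queue for the scheduled whitelist update. The `Allowlist` and `Entry` names are hypothetical, and the short byte strings stand in for executable contents (a real deployment would hash the files on disk and, ideally, verify their digital signatures).

```python
"""Hash-based application whitelist: default deny, categories, and a review queue.

Added example (not the article's or GEEK911's code). Byte strings below are
constructed stand-ins for real executables.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def fingerprint(data: bytes) -> str:
    """SHA-256 of the file contents; this is the identity used by the whitelist."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Entry:
    name: str
    sha256: str
    category: str  # "essential" or "non-essential"


@dataclass
class Allowlist:
    entries: dict[str, Entry] = field(default_factory=dict)  # sha256 -> Entry
    review_queue: list[str] = field(default_factory=list)    # denied hashes awaiting review

    def register(self, name: str, data: bytes, category: str) -> Entry:
        """Approve one exact build of an application. A new build needs a new entry."""
        if category not in ("essential", "non-essential"):
            raise ValueError("category must be 'essential' or 'non-essential'")
        entry = Entry(name, fingerprint(data), category)
        self.entries[entry.sha256] = entry
        # Once approved, the hash no longer needs review.
        if entry.sha256 in self.review_queue:
            self.review_queue.remove(entry.sha256)
        return entry

    def check(self, data: bytes) -> tuple[bool, str]:
        """Default deny: anything not in the catalog is blocked, known or not."""
        digest = fingerprint(data)
        entry = self.entries.get(digest)
        if entry is None:
            if digest not in self.review_queue:
                self.review_queue.append(digest)  # surfaces in the scheduled update
            return False, f"denied: sha256 {digest[:16]}... is not on the whitelist"
        return True, f"allowed: {entry.name} ({entry.category})"

    def retire(self, name: str) -> int:
        """Remove every entry for an application that is no longer used."""
        stale = [h for h, e in self.entries.items() if e.name == name]
        for h in stale:
            del self.entries[h]
        return len(stale)


# Constructed stand-ins for executable contents.
PAYROLL_V1 = b"payroll-app build 1"
PAYROLL_V2 = b"payroll-app build 2"          # updated version, different hash
SCREENSAVER = b"screensaver build 7"
UNKNOWN_BINARY = b"never-seen-before binary"  # plays the role of a zero-day payload


def demo() -> dict[str, object]:
    """Walk through the scenarios from the article and return the outcomes."""
    wl = Allowlist()
    wl.register("payroll", PAYROLL_V1, "essential")
    wl.register("screensaver", SCREENSAVER, "non-essential")

    results: dict[str, object] = {
        "payroll_v1": wl.check(PAYROLL_V1)[0],                 # approved build runs
        "unknown": wl.check(UNKNOWN_BINARY)[0],                # never cataloged, still blocked
        "payroll_v2_before_update": wl.check(PAYROLL_V2)[0],   # new build blocked until re-registered
    }
    # Scheduled maintenance: approve the new payroll build, retire nothing else yet.
    wl.register("payroll", PAYROLL_V2, "essential")
    results["payroll_v2_after_update"] = wl.check(PAYROLL_V2)[0]
    results["pending_review"] = len(wl.review_queue)           # only the unknown binary remains
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The review queue is what turns "update your whitelist on a schedule" into a concrete task: at each scheduled review, every queued hash is either approved with `register` or left blocked, and applications nobody uses any more are dropped with `retire`.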
Use Other Zero-Trust Tactics Along with Whitelisting
Whitelisting is one of the tactics used in zero-trust, but it should be used along with others and not as your sole method of keeping malware and data breaches at bay.
For example, setting up multi-factor authentication (MFA), another zero-trust tactic, can secure the administrative logins to your application whitelisting controls as well as other user accounts.
Another zero-trust principle that’s easy to implement is the use of DNS filtering, which blocks phishing websites and other sites with poor security or that are known to be dangerous.
Improve Your Business Security & Have Us Set Up Application Whitelisting for You
GEEK911 can help your Silicon Valley area business put application whitelisting and other zero-trust tactics in place to improve your cybersecurity.
Schedule a consultation by calling 1-866-433-5411 or reach us online.