16 Jul Application Whitelisting is the most effective security strategy to prevent malicious code from running on a computer.
It works by allowing the user (or administrator) to create and maintain a list of known ‘good’ files which they trust, only these files can run on the computer while all others are blocked. This proactively prevents unknown threats such as ransomware and malware from loading on a computer in the first place.
Contrast Application Whitelisting with traditional Anti-virus solutions which work on a blacklist model and only prevent files from running which have been classified as ‘bad’. This reactive approach allows attackers to modify the files (malicious code) they use to attack organisations to avoid detection.
The Australian Signals Directorate intelligence agency ranks Application Whitelisting as most effective strategy to prevent Targeted Cyber Intrusions. It is a key plank of the Essential 8.
Application Whitelisting refers to ‘strict’ application whitelisting technologies which place trust in files for the purposes of security.