If you’re reading this article, you probably have cyber security on your mind. Protection against malicious code (malware) is becoming a high priority for many Australian businesses, and rightly so. Not keeping your organisation secure from a technology standpoint can have a catastrophic impact.
This is the second blog in a five-part series on the Australian Signals Directorate (ASD)’s Eight Essential strategies to address cyber security risks and keep attackers at bay. We will answer some common questions about the ASD Essential 8, as well as provide some tips to help you create and implement a security policy that can work for your business.
Quite simply, application whitelisting is an approach where rules are designed to prevent unauthorised applications and code from executing on systems. It’s so important that it’s number one on the ASD list. Malware attacks can occur as easily as an employee accidentally clicking on a link that is malicious or accessing an app that is not secure. Whitelisting sets specific rules about which apps can be executed on your devices, thus strengthening your defence.
While blacklisting may look to be the easy option to the uninitiated, it entails continually maintaining a list of apps that cannot be accessed on your network. Keeping track of apps to blacklist can be an incredibly time-intensive process and one that requires more involved upkeep in the long term than you are willing to commit to.
Whitelisting, on the other hand, allows organisations to define a specific list of “Approved Applications” that can execute within their systems, therefore creating a more secure environment that limits the chances of malware or ransomware executing on a company system. As your business needs evolve, it’s possible to add or remove applications from your whitelist.
In short, a whitelisting policy is an essential control if a business is to provide a safe, secure environment in which their employees can operate. If you implement your policy correctly, you’ll be able to ensure that only the applications that you and your team authorise will be executed.
We recommend that you do your research before commencing with policy creation. Depending on the size of your business, this may involve creating a working group to understand the needs of your organisation. This will allow legacy software to be removed before whitelisting commences and planning to be included in your roadmap. Knowing what is coming up allows new setup rules for applications to be planned in advance if software restriction is implemented.
Examples of types of applications that should be considered for whitelisting include:
There may be some applications you will allow that complement business applications, such as messaging apps, web-based email and social media sites. They may not need to be used by all employees in order to do their job (although they can increase productivity significantly) but giving your team some freedom of choice will likely produce a happier, more productive workforce.
Applications that do not make the list will likely be some of the favourites of your employees, but that’s an easy argument to make if it means protecting the overall business by limiting the number of non-essential apps that are installed.
Develop the rules. This is vital if you want to ensure only authorised apps are whitelisted. Our team of security experts are here to help if this is something that is outside of your wheelhouse.
We can also help you get the most out of existing whitelisting capabilities within your system or set up a different method if needed. Whitelisting policy definition is often considered one of the most challenging security activities (even by experienced security professionals). Ensure you speak to our team to learn how The Missing Link can assist you in your whitelisting journey if it is not something you have done before. There are different processes for Mac vs PC and many organisations run both, so it may not be as simple as a one-size-fits-all approach.
We recommend running a Whitelisting solution in audit mode for a period of time initially to gain an understanding of apps being executed in order to help create a policy tailored to your environment. Include a schedule for testing. After all the effort that goes into setting up your application whitelisting, it makes sense to regularly check to ensure the process is still working as scoped. The implementation of event logs that note any failed attempts to execute should also be listed as part of your policy. A properly designed, documented and delivered whitelisting solution is essential to a successful handover and continued adoption of the solution.
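One way to turn audit-mode output into a draft policy, shown as an added example that is not from the original article or any particular product. The record layout, host and publisher names, hash placeholders, the publisher-or-hash rule types and the two-host threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed audit-mode records (not a real product's log format):
# (host, path, publisher or None if unsigned, file hash placeholder)
AUDIT_EVENTS = [
    ("pc-01", r"C:\Program Files\Contoso\Ledger\ledger.exe", "Contoso Pty Ltd", "sha256:constructed-00"),
    ("pc-02", r"C:\Program Files\Contoso\Ledger\ledger.exe", "Contoso Pty Ltd", "sha256:constructed-00"),
    ("pc-01", r"C:\Tools\legacy\report.exe", None, "sha256:constructed-01"),
    ("pc-03", r"C:\Tools\legacy\report.exe", None, "sha256:constructed-01"),
    ("pc-02", r"C:\Users\bob\Downloads\invoice_viewer.exe", None, "sha256:constructed-02"),
    ("pc-03", r"C:\Program Files\Fabrikam\chat.exe", "Fabrikam Inc", "sha256:constructed-03"),
]

# Locations a standard user can write to (assumed list); anything executing
# from here goes to a human for review instead of becoming an allow rule.
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\")


def propose_rules(events, min_hosts=2):
    """Group audit events into candidate allow rules plus a review queue."""
    seen = defaultdict(set)  # (rule kind, value) -> hosts that ran it
    review = []
    for host, path, publisher, digest in events:
        if any(marker in path.lower() for marker in USER_WRITABLE):
            review.append((path, "runs from user-writable location"))
            continue
        if publisher:
            # Signed software: one publisher rule survives version updates.
            seen[("publisher", publisher)].add(host)
        else:
            # Unsigned software: pin the exact file by hash.
            seen[("hash", digest)].add(host)

    rules = []
    for (kind, value), hosts in sorted(seen.items()):
        if len(hosts) >= min_hosts:
            rules.append((kind, value))
        else:
            # Rare software is a business decision, not an automatic approval.
            review.append((value, f"seen on only {len(hosts)} host(s)"))
    return rules, review


if __name__ == "__main__":
    rules, review = propose_rules(AUDIT_EVENTS)
    print("Candidate allow rules:", rules)
    print("Needs review:", review)
```

The review queue is the part the working group acts on: each entry is either approved with a documented reason or left off the whitelist before enforcement is switched on.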
No, it’s definitely not. The Australian Signals Directorate recommends that you don’t replace antivirus, anti-ransomware or any other security software that is already running. Using multiple points of protection will ensure a higher level of security is maintained and the potential for compromise reduced.
Make application whitelisting work for you. Contact us today for help creating a policy that ensures security for your business. Our cyber security experts are ready to help.