The National Institute of Standards and Technology (NIST) published a new guide in October to deploying automated application whitelisting to help block malicious software from gaining access to computer systems, the agency said Nov. 5.
The published document, Guide to Application Whitelisting (Special Publication 800-167) explains the basics of this application whitelisting technology and step-by-step instructions.
Automated application whitelisting regulates what specific software is allowed to load onto an organization’s network. It is one of several techniques that can help prevent malware infections and complements other security technologies part of an enterprise’s defense-in-depth resources, NIST said.
“Application whitelisting is most readily used to stop threats on managed hosts where users are not able to install or run applications without authorization,” the guide noted. Examples include a kiosk workstation with strict application limits and a laptop with pre-installed applications, but the user does not have administrative privileges to install additional applications.
Employees are usually encouraged to use authorized software only, but they may still download the latest version of an operating system or a new application before they are vetted for malware or coding flaws. This can render an organization vulnerable to viruses, disruption, and data theft, NIST said.
“NIST advises organizations to use modern whitelisting programs, also known as application control programs, to stop cyber threats,” the agency said in a statement. The application control programs may be designed to not interfere with existing antivirus software and intrusion detection systems.
Compared to the slower manual methods these programs replace, automated whitelisting simplifies screening and approving software patches and updates for use across organizations.
“Unlike antivirus software, which blocks known bad activity and permits all other actions, application whitelisting technology only permits known good activity and blocks all others,” Adam Sedgewick, senior information technology policy advisor, said in a statement.
NIST highlighted this whitelisting approach is especially appropriate for larger organizations that have managed enterprise environments that enable strict centralized control over computers connected to networks.
The guide’s authors recommended the whitelisting program be deployed in phases. First, conduct a risk assessment to determine if application whitelisting is appropriate. If it is, next the organization should test a whitelisting process in monitoring mode. This mode will identify problems without disrupting operations. After all problems are addressed and a monitoring re-test shows operations are running well, automated whitelisting can then be gradually implemented across the entire organization.
The guide also provides an appendix applying application whitelisting to mobile platforms.