White House Issues Memo on Cybersecurity
Earlier this month, the White House issued a memo to corporate executives and business leaders outlining the five best practices to strengthen their cybersecurity posture to thwart ransomware attacks. Beyond the five steps the current administration is encouraging, there were five more steps to consider. Unfortunately, none of the ten outlined company "to-dos" were proactive prevention tips, like the implementation of application whitelisting.
For anyone who has fallen victim to ransomware, they understand a detect and respond method simply doesn't work. Once ransomware has infiltrated the network, it is too late. The goal should be, first and foremost, to prevent the infection. By only allowing known, trusted applications to run, application whitelisting has been proven to significantly reduce the likelihood of a ransomware attack successfully infecting networks.
The Resistance to Application Whitelisting
IT professionals often will shy away from a default-deny approach for three reasons.
First, the nature of application whitelisting causes false positives. Meaning, there may be instances a non-malicious program is blocked because it has yet to be tested, and proven secure. This is one of the biggest points of resistance for the adoption of application whitelisting tools. IT professionals lack the resources to sift through unknown files that their whitelisting solutions have yet to encounter. Additionally, there are concerns false positives will impact employee productivity.
Secondly, many application whitelisting solutions require the IT professionals to manually create their own list of good applications. Again, this is simply not efficient.
Third, ripping out their existing solution, regardless of its inferiority, can be incredibly time-consuming.
Even though the method of whitelisting is more secure, the resources to deploy and manage are simply not there.
A New Way to Whitelist
Businesses across the globe are facing cyber threats daily, and a new way to protect against them is critical. Understanding the functionality of application whitelisting, and being mindful of IT professional's pain points to adopting the solution -- IT administrators and developers are taking a new approach to implementing this technology.
As mentioned above, the resources are simply not there to for businesses to create and manage their own whitelist. Instead, find a security solution that offers a global whitelist that is managed by the vendor. This reduces the workload for the IT professional by eliminating the in-house development and maintenance. Additionally, utilizing an application whitelisting solution that layers on top of your existing cybersecurity solutions does not require a rip-and-replace strategy. By adding on top of the current solutions, admins enhance the digital infrastructure of the business immediately.
Whitelisting - A Federally Supported Effort
Although the memo issued by the White House did not include application whitelisting solutions, many other government agencies like the FBI, DHS, and most recently, the DoD encourage the default-deny approach. The DoD has worked to create the Cybersecurity Maturity Model Certification (CMMC). The CMMC outlines the steps businesses must take to become CMMC certified at various levels. Many cybersecurity vendors have become increasingly invested in this model, including PC Matic.