Application Whitelisting Isn’t What it Once Was…
Truth be told, application whitelisting wasn’t always done in the most efficient manner. As Dr. Cole mentions, when he discusses the default-deny approach with his clients, their response is “been there, done that, it doesn’t work…”. There is a serious lack of education when it comes to the current methods of application whitelisting. First is the concept of an automated, global whitelist, which eliminates the workload on IT staff of creating and maintaining a whitelist of their own. Additionally, a whitelist approach that conducts in-house testing of unknown files further eliminates workload for IT staff. An unknown file is one that has yet to be proven safe or known to be malicious.
Overall, application whitelisting has a negative connotation because of its previous reputation. Because of this, organizations are reluctant to deploy the preventative tool, even with federal agencies like the FBI, DHS, and NIST backing the methodology. This leads to the question: what can be done? Change the name to behavioral heuristics with zero-trust application security? Maybe.
Dr. Cole states,
“…you have to overcome the fears of the past, and recognize it [application whitelisting] is a lot different and unique today than it was.”
Concerns with Response Based Solutions
The reality is, organizations need a response plan. They should have a detection and response element in their security stack. However, relying on it alone leaves the door open to attack, because it fails to focus on prevention.
“…what I see coming out, which terrifies me is extortion.” – Dr. Eric Cole, Founder and CEO of Secure Anchor Consulting
If you don’t have the right layers of prevention in place, you will fall victim. At this point, the aftermath goes far beyond the ransomware attack and the restoration process. The threat is greater. By stealing your data, the cyber criminals now have a residual income model. They can demand ongoing payments every month, quarter, or year to keep this data off the dark web. If the organization opts not to pay the recurring expense, its client, patient, or customer data will be exposed.
Dr. Cole states,
“The silver lining is, you can protect against it, but to me, organizations are focused on the incident response side. Instead of patching servers, encrypting data, implementing endpoint security, and protecting, and minimizing the attack, they’re just preparing themselves to be victimized and pay for it, which scares me, the mindset that’s going on in cyber.”
By adding an application whitelisting agent on top of the organization’s existing security stack, the risk of falling victim to a cyber attack and extortion decreases by a factor of ten.
Listen to the full discussion below.