I recently had an interview with Lumension chatting about whitelisting. Is it coming of age?
Application whitelisting, which is the notion of only allowing pre-determined applications to install and run on a network, is gaining a lot more mindshare from security teams than ever before. Once in place and properly configured, an IT estate protected in this way should be able to prevent unapproved software code or applications from being installed.
Of course, whitelisting is only one part of the information security mix.
Forgetting the world of automatic downloads and so on, one big question I always ask when discussing whitelisting to security people is, whether they see users trying to install unauthorised applications on their work systems. In most cases this doesn’t happen, due to workstation lockdown and techniques such as whitelisting, but when it does, it is interesting to understand the motives of the user in question. This applies especially if the user is trying to install an application to help with their job. If this is the case then we, as information security people, need to see how we can quickly facilitate what is probably a justifiable business need.
At this point I get right on my hobby horse—delivering business benefit is what we security people are all about. Too many people lose sight of this, and application whitelisting must be seen as an enabler for business benefit. I’ll get off my hobby horse now!
For the whole interview check out http://blog.lumension.com/?p=2425.