Saturday, April 2, 2011

Application whitelisting: an extra layer of malware defense


I am a big fan of whitelisting as a complement to attack-centric approaches, and as a foundational layer of defense. Even though it is not called whitelisting, I see Apple successfully using this method for ensuring compliance for iPad, iPhone and iTunes. It is a technology that also works in the corporate environment, even if it is not an AV killer.

I was excited when Information Security Magazine asked me to write an article on AWL. I enjoyed talking to the major vendors and my enterprise security contacts about whitelisting, and am happy with the final result. I hope you also find it to be an interesting read.

“Application whitelisting makes too much pragmatic sense to not have appeal as an antimalware mechanism. Intuitively, a technology operating in the kernel that detects suspicious changes in an IT-controlled software configuration should be easier to scale than a technology that looks at all files to identify and clean attacks.” The rest of the story can be found here.