A number of companies are working on offering isolation technology and similar solutions. "There's a lot of different ways to skin this cat," he says. "We're really at the bleeding edge of all this."
Don't start celebrating just yet
Most experts agree that we're still at the very early stages of being able to solve the whitelisting problem. "I just don't think it's mainstream," says Javvad Malik, security advocate at San Mateo, Calif.-based AlienVault, Inc.
In fact, despite new features, the use of whitelisting has probably shrunk, he says. "Crowdsourcing and machine learning can definitely improve the quality of whitelisting, but it won't cover every scenario we have at this moment," he says.
Many companies aren't set up to be able to use cloud-based whitelisting, he added. "The infrastructure isn't really there to support it," he says.
The crowd-sourcing approach also has its own problems. "Crowd sourcing is great for getting lots of work done cheaply, and having as many eyes on it as possible, but it's easy to breach or bypass," says Ryan O'Leary, vice president of the threat research center at Santa Clara, Calif.-based WhiteHat Security, Inc. "If you're going to rely on the crowd, you have to rely on a group of people you don't know. Even if you vet them, there's lots of ways around that. Plus, crowd sourcing can be used as an attack surface, too."
The increasing complexity of today's organizations is also a significant factor, says Paul Calatayud, CTO at Overland Park, Kansas-based FireMon. "Being a CISO, I have held roles where I have attempted to deploy whitelisting on endpoints without much success," he says.
Crowdsourcing and reputation scoring won't go far enough, he says. "Organizations are getting more and more complex," says Calatayud. "The idea of any single organization managing similar sets of applications and policies is becoming even less likely as network and technology become application-based. Pile on bringing your own device and mobility, and all of a sudden, whitelisting seems like an approach that should be left in the past."
In addition, different types of users need different kinds of applications, says Scott Petry, co-founder and CEO at Mountain View, Calif.-based Authentic8, Inc. "Marketing may need access to the corporate Twitter or Facebook account, but that may not be an appropriate whitelist entry for all users," he says. Then there are the cases where a known reliable application gets a problematic update, or creates a vulnerability when combined with another application, he says.
Ultimately, whitelisting might be an effective tool, and crowdsourcing and other new technologies may make it even more practical. "But it is only one part of a comprehensive risk management or data security practice," says Petry.