NIST Offers Guidance on Using Technology to Prevent Intrusions, Malware
For Immediate Release: November 5, 2015
The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help prevent malicious software from gaining access to organizations’ computer systems. Guide to Application Whitelisting (Special Publication 800-167) explains the basics of the technology and provides step-by-step instructions.
Automated application whitelisting regulates what software can load onto an organization’s network. It is one of a number of techniques that can help prevent malware infections, and it complements other security technologies that are part of an enterprise’s defense-in-depth resources.
In automated application whitelisting, IT managers choose a set of trusted software programs that are allowed to run on an organization’s computer systems. This whitelist minimizes security threats by stopping employees or other system users from downloading programs potentially laden with malware and disruptive bugs.
Typically, employees are encouraged to use only authorized software. But workers still may download the latest version of an operating system or a new app before it has been vetted for malware or coding flaws that render an organization vulnerable to viruses, disruptions and data theft.
NIST advises organizations to use modern whitelisting programs, also known as application control programs, to stop cyber threats. These programs can be designed not to interfere with existing antivirus software and intrusion detection systems. And compared with the slower manual methods they are replacing, automated whitelisting programs simplify the task of screening and approving software patches and updates for use across an organization.
“Unlike antivirus software, which blocks known bad activity and permits all other actions, application whitelisting technology only permits known good activity and blocks all others,” says Senior Information Technology Policy Advisor Adam Sedgewick.
Application whitelisting is especially appropriate for larger organizations with managed enterprise environments that enable strict centralized control over desktops and laptops connected to networks.
The NIST authors recommend a phased approach when deploying application whitelisting.
The first step is a risk assessment to determine if automated whitelisting is appropriate for the organization. If it is, the next step is to test a whitelisting process in monitoring mode. Testing in this mode identifies problems without causing the disruptions to operations that could result, for example, if important applications were omitted from the whitelist.
When all problems are addressed and a monitoring re-test shows operations are running well, the authors suggest gradually implementing automated whitelisting across the organization.
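The monitoring-then-enforcement sequence described above can be sketched in code. This is an added example, not taken from the NIST guide or any whitelisting product: the hash-based whitelist, the mode names, the host-count triage ordering, and all hosts, paths and file contents are constructed assumptions.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed data: byte strings stand in for file contents on disk.
WHITELIST = {sha256(b"office-build-1"), sha256(b"browser-build-7")}
EVENTS = [  # (host, path, file contents) for each attempted program launch
    ("hr-01", r"C:\Program Files\Office\winword.exe", b"office-build-1"),
    ("hr-01", r"C:\Users\amy\Downloads\freegame.exe", b"unvetted-download"),
    ("fin-02", r"C:\Apps\payroll.exe", b"payroll-build-3"),
    ("fin-03", r"C:\Apps\payroll.exe", b"payroll-build-3"),
    ("fin-02", r"C:\Program Files\Chrome\chrome.exe", b"browser-build-7"),
]

def decide(file_hash, whitelist, mode):
    """Default deny: only listed hashes count as known good.
    Returns (allowed_to_run, would_block)."""
    known_good = file_hash in whitelist
    if mode == "monitor":   # never block, only record what would be blocked
        return True, not known_good
    if mode == "enforce":   # anything not on the list does not run
        return known_good, not known_good
    raise ValueError(f"unknown mode: {mode}")

def process(events, whitelist, mode):
    """Return (paths that ran, {hash: (path, hosts)} for unlisted programs)."""
    ran, flagged = [], {}
    for host, path, content in events:
        file_hash = sha256(content)
        allowed, would_block = decide(file_hash, whitelist, mode)
        if allowed:
            ran.append(path)
        if would_block:
            flagged.setdefault(file_hash, (path, set()))[1].add(host)
    return ran, flagged

def triage(flagged):
    """Flagged paths, most hosts first (assumed heuristic: a program seen on
    many hosts is more likely a business application left off the list)."""
    ordered = sorted(flagged.values(), key=lambda e: (-len(e[1]), e[0]))
    return [path for path, _hosts in ordered]

if __name__ == "__main__":
    ran, flagged = process(EVENTS, WHITELIST, "monitor")
    print("monitor: ran", len(ran), "| review:", triage(flagged))
    vetted = WHITELIST | {sha256(b"payroll-build-3")}  # approved after review
    ran, flagged = process(EVENTS, vetted, "enforce")
    print("enforce: ran", len(ran), "| blocked:", triage(flagged))
```

Enforcing the initial whitelist directly would have stopped the payroll program on two hosts; the monitoring pass surfaces it for review first, so that after it is approved only the unvetted download is blocked.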
The guide also provides a section on using application whitelisting on mobile platforms.