Newsletters

2016 – fall Issue

An Introduction to Whitelisting

Do corporate initiatives require you to patch and run antivirus applications on your control system server and workstations? As with many of our customers, corporate IT groups determine requirements for all systems across the organization. This is done with good intentions, but these groups often have little or no idea what happens inside the industrial workspace.

Many times we work with organizations that have had the same systems in place for 10, 20, or even 30 years. This is understandable; these are extremely expensive and complex solutions that, when built, were top of the line. To retrofit a million-dollar batching line just because it is running Windows XP is unnecessary, especially when you spend money to update these systems and still produce the same amount of product at the end of the day.

So, what can you do? Application whitelisting is a solution that effectively blocks unauthorized applications and code on servers, desktops, and fixed-function devices. This centrally managed solution uses a dynamic trust model and innovative security features to thwart advanced threats without requiring signature updates or labor-intensive list management. It is ideal for end-of-life operating systems or software for which security patches are no longer being provided. Application control or application whitelisting are terms used interchangeably for the same solution.

The core function of application control is to prevent a foreign application from installing or running on an endpoint (server/desktop/laptop) other than those that are allowed or whitelisted. If a machine has a static purpose or functionality, it will have a finite number of applications running on it. Application control will watch and learn, and, in turn, create a whitelist of these applications and its operations when running. When the machine is locked down, anything outside of the whitelist will not be allowed to run. With such protection in place, threats, including zero day viruses, are easily contained, therefore eliminating the need for antivirus programs that consume precious CPU cycles and memory overhead.

If there is a need to update the machine with new applications or modify existing applications, the machine can be unlocked in a controlled environment, and the necessary tasks can be completed at a scheduled time. Once the machine is locked down again, application control will learn the new or modified application files and append them to the whitelist, which will then be used to protect the machine.

Application whitelisting has a low overhead footprint that does not impact system performance, requires low initial and ongoing operational overhead, and works effectively in standalone mode. The product is designed to operate in network and firewall configurations. It can even operate on systems that are not connected to a network. The days of having antivirus programs installed and up to date are over: enter application whitelisting.