Application whitelisting is a common method used by IT organizations against malicious cyberattacks and unwanted network penetration to secure on-site and cloud-based networks and infrastructure. The IT organization may use technologies that are integrated into the host operating system to implement application whitelisting, or leverage the capabilities of a more sophisticated security tool. In either case, the organization creates a list of applications to which special network access is given.

Application whitelisting may be used to grant access to a particular service, or the application may require it to run at all. Application whitelisting is most commonly used to allow certain applications to run or execute on the network while limiting or blocking other applications that are not on the whitelist.

How does Application Whitelisting work?

Whitelisting of applications starts with the process of defining which applications will be allowed to run on the network. Application whitelists are dynamic, not static, which means they can change over time, and applications can be added or deleted as needed. The list may contain libraries, configuration files, and other executable programs that may be executed on the network.

IT organizations may take advantage of an application whitelisting feature built into the host operating system or may purchase or license a third-party application whitelisting software solution. These solutions may be known as whitelisting programs, whitelisting technologies for application, or application control programs.

Risks of using application whitelisting

Attackers can replace whitelisted applications with malicious applications with relative ease by creating a version of their malware that is the same size and has the same file name as an authorized application, and then replace the whitelisted application with the malicious application. Therefore, using cryptographic hashing techniques coupled with digital signatures that are linked to the software developers is far more effective for application whitelisting software.

Advantages

• Some application whitelisting tools are more feature-rich than others
• It protects against ransomware attacks and other types of malware attacks
• Application whitelisting is far more restrictive. It does not allow any executable code to run unless an administrator has explicitly granted approval
• Depending on an application whitelisting tool’s reporting capabilities, such a tool may help the organization to determine which users are engaging in risky behavior
• Application whitelisting is decreased help desk costs. Application whitelisting allows an organization’s IT staff to not only restrict which applications users are allowed to use but also to control which versions of an approved application can be run