Initiatives such as the SANS Consensus Audit Guidelines and the UK CPNI Top 20 Critical Security Controls have attempted to standardize IT and cyber security efforts around 20 strategies proven to mitigate the most common and damaging types of attack. These represent a significant improvement over previous attempts but there remain challenges around adoption and prioritization.
In November 2012 the Australian Department of Defence (through its Defence Signals Directorate, DSD) published a paper in which they stated “At least 85% of the intrusions that DSD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the top four mitigation strategies as a package.” This is significant because it narrows the focus from 20 mitigation strategies to just four:
- Application whitelisting
- Effective OS patching
- Effective application updates
- Restricting administrative privileges
For more background on this Department of Defence paper I encourage you to read my USA Today article “Four simple steps to protect the US from hackers”.
Over this series of three articles I’ll be exploring the four mitigations and explaining how they combine to form an effective cyber security defence strategy. I’ll start in this article with Application Whitelisting.
Mitigation 1: Application Whitelisting
An application whitelist is a register of applications that are approved to run on a computer system. Unless an application is explicitly listed it will not be permitted to run. This is the opposite of a blacklist where all applications may run except for those explicitly listed.
Application whitelisting greatly reduces the risk of malware and other unauthorized software by mandating that only approved applications will run. Implementing whitelisting on personal computers and other vulnerable devices makes it difficult for malware to get a foothold within an organisation and greatly reduces its opportunity to spread. How an application is identified on the list matters as much as the list itself: rules keyed on the publisher’s code-signing certificate or on a file hash are robust, whereas a rule that allows everything under a directory path is only as strong as the permissions on that directory, since a user who can write to it can place their own binary there. Windows ships with whitelisting mechanisms (Software Restriction Policies and AppLocker), and enterprise system management frameworks such as Microsoft System Center Configuration Manager and Group Policy can deploy those policies across the estate.
A frequent criticism of application whitelisting is that it is inflexible for the end-user and places a significant management overhead on systems administrators. These issues can be mitigated by implementing whitelisting in conjunction with an enterprise app store for self-service software provisioning. This empowers end-users and automates the process of software delivery, reducing management overhead.
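To make the whitelisting process concrete, here is an added PowerShell example (written for this edit, not code from the original article or from Microsoft) that builds an AppLocker whitelist from the software already installed on a reference machine, prefers publisher and hash rules over path rules, checks the policy against an unlisted file, and applies it in audit-only mode so that nothing is blocked until the log has been reviewed. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later with the AppLocker module available; the candidate file path under Downloads is a hypothetical placeholder.

```powershell
# Added example, not part of the original article. Builds an AppLocker EXE
# whitelist from a known-good reference build, dry-runs it against a file that
# is not on it, and applies it locally in audit mode before enforcement.
Import-Module AppLocker

# 1. Inventory executables from directories that only administrators can write
#    to. Rules derived from these describe software an admin installed, not
#    whatever a user happens to have downloaded.
$referenceDirs = "$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot\System32"
$approved = foreach ($dir in $referenceDirs) {
    if (Test-Path $dir) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
    }
}

# 2. Generate allow rules. Publisher (Authenticode signer) rules come first so
#    that routine updates of signed software do not need a new rule; unsigned
#    binaries fall back to a file-hash rule. Path rules are deliberately left
#    out: a path rule on a user-writable directory is trivially bypassed.
[xml]$policyXml = New-AppLockerPolicy -FileInformation $approved `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in audit-only mode: files that would have been blocked are logged
#    (Event ID 8003 in the AppLocker "EXE and DLL" log) but still run.
$policyXml.AppLockerPolicy.RuleCollection | ForEach-Object { $_.EnforcementMode = 'AuditOnly' }
$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'
$policyXml.Save($policyPath)

# 4. Dry-run the policy against a file not covered by the inventory. The path
#    is a hypothetical unsigned tool in a user profile; substitute any real file.
$candidate = Join-Path $env:USERPROFILE 'Downloads\unknown-tool.exe'
if (Test-Path $candidate) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $candidate -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule
}

# 5. AppLocker only takes effect while the Application Identity service runs.
#    sc.exe is used here because Set-Service refuses to change this service's
#    start type on recent Windows 10 builds.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath

# Leave the policy in audit mode until the 8003 events have been reviewed and
# any legitimately missing software has been added, then change EnforcementMode
# to "Enabled" and re-apply. The same XML can be pushed domain-wide with
# Set-AppLockerPolicy -Ldap against a Group Policy object.
```

The order of steps is the practical point: generating rules from administrator-controlled locations keeps user-dropped files off the list, choosing publisher and hash rule types keeps the list robust, and running in audit mode first is what makes the rollout survivable in an environment where the inventory is incomplete.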
In the next article I will be exploring how effective OS patching and application updates are the key to good IT security (click here to read Part 2).