Whitelisting technology that prevents unauthorized software from running on corporate servers and PCs is a way to prevent malware attacks, but the work of managing the package keeps the Burton Group, a division of Gartner, from recommending it as a substitute for traditional antivirus software.
Rather, whitelisting should be used as a "complementary" security defense, because traditional antivirus software, which relies on "blacklisting" to block and eradicate known malware, can't keep up now that attack software has become "so prolific," according to the Burton Group's "Application Control and Whitelisting for Endpoints" report published today.
That's mainly because real-world whitelisting deployment "remains challenged by ever-changing user demands, platform complexity, and software complexity," says Burton analyst Dan Blum in the report, which provides an exhaustive analysis of the many types of vendor software and methodologies offered to protect host-based computers through application controls that limit what can be run.
The major uses for application control and whitelisting today are to lock down production servers and embedded or fixed-purpose devices and PCs. Deployment tends to be more complicated in enterprises for general-purpose users who may have constantly changing application needs or wishes.
The report provides an exhaustive summary of the various application-control products on the market today and the platforms they support (smartphones are largely missing). Burton Group details seven main categories of whitelisting software, noting that whitelisting is increasingly available as a capability that's been integrated into software for life-cycle management or anti-malware.
The Burton Group concludes that enterprises should consider application control and whitelisting as a "strategic or tactical approach to deployment" but "in either case, recognize that difficult learning curves for administrators and cultural changes for users may lie ahead." In the end, it makes sense to start with the "easy, more static use cases" before jumping into use cases that are more complex and dynamic, the Burton Group report concludes.