LimeWire. Chinese spyware. Screen savers embedded with malware coding.
These are a few of the “favorite things” listed on the “What’s On Your Endpoints” survey of more than 1,200 IT security professionals conducted last year. The survey revealed that unauthorized, illegal and downright malicious software continues to sneak its way onto laptops, desktops and servers despite the layers of fortifications put in place to thwart it. Agencies today are being bombarded with attacks, and one measure they are adopting is whitelisting security technology as the foundation of their IT security.
What is Whitelisting security technology?
For more than 20 years the security industry has been chasing an infinite list of malicious software and creating a blacklist to prevent it from running. Given the exponential growth in malware and the targeted nature of today’s attacks, this reactive approach is now ineffective, as evidenced by the number of data breaches still taking place.
In response, whitelisting technology allows the execution of software that you trust and denies all other software. Games, instant messengers, spyware, rootkits, keyloggers, botnets, advanced threats: if a piece of software is not something you trust, it will not install or run.
What is the problem Whitelisting addresses?
The explosion of malware and the inability of existing blacklisting defenses to defend computer systems was clear this past December during the Operation Aurora zero-day attacks that targeted many of the United States’ top technology companies seeking information and intellectual property. Government agencies have been under attack by these Advanced Persistent Threats for years and it was only this recent public admission that brought them into the public consciousness.
The Symantec malware report showed 2,895,802 new malicious code signatures created in 2009, a 71 percent increase over 2008. And 240 million distinct new malicious programs were detected, a 100 percent increase over 2008. These attacks have created a never-ending game of catch-up that can take days and even weeks to address. I often imagine Wile E. Coyote futilely chasing Road Runner. It’s just not going to happen. Software vendors are continuously releasing patches for security vulnerabilities found in their code; antivirus companies are continuously pushing out large .DAT files filled with new signatures to stop the newest malware, which will then morph into an undetectable state within a few hours.
Benefits of Whitelisting Security Solutions
First, let’s be realistic. There is no silver bullet in security, and a layered, defense-in-depth approach is needed to protect computer systems. Whitelisting provides what Gartner has termed a “foundational” solution to endpoint security. Because it does not need to identify the attack by a signature, whether an antivirus signature or a behavioral rule in a host intrusion prevention system (HIPS), security professionals are able to stop zero-day and targeted attacks.
One example: a security team at a US Command used application whitelisting as that foundational defense during a “Red Team” exercise. A targeted attack came in through a very realistic email that talked about new organizational rules. The program was not caught by the existing antivirus and HIPS defenses, but it was stopped by application whitelisting because the malware was not on the whitelist and therefore was not approved to run.
Whitelisting, which takes the security engineering “default deny” approach and adds layers of nuance to it when applied to endpoint security (a topic for another day), was first introduced in 2002. Today it has become a fundamental base in the security stack, helping government organizations in their fight against advanced threats.
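To make the “default deny” versus “default allow” distinction concrete, here is an added illustration (not code from this article or from any whitelisting product) of both policies applied to the same set of constructed sample executables. The byte strings, hashes and program names are invented for the example; the point it shows is that a repacked variant of known malware slips past the signature blacklist but is still denied by the hash whitelist, while a patched copy of an approved program must be re-approved before it will run.

```python
import hashlib

# Constructed stand-ins for executable images (not real binaries).
APPROVED_EDITOR = b"MZ\x90\x00 approved-text-editor build 1.0"
PATCHED_EDITOR = b"MZ\x90\x00 approved-text-editor build 1.1"        # vendor update
KNOWN_MALWARE = b"MZ\x90\x00 keylogger dropper build 1"
MORPHED_MALWARE = b"MZ\x90\x00 keylogger dropper build 1 (repacked)"  # same behaviour, new bytes


def fingerprint(image: bytes) -> str:
    """SHA-256 of the image; the identity used by both policies."""
    return hashlib.sha256(image).hexdigest()


# Blacklist: signatures the vendor has already seen (default allow).
BLACKLIST = {fingerprint(KNOWN_MALWARE)}
# Whitelist: hashes the organisation has explicitly approved (default deny).
WHITELIST = {fingerprint(APPROVED_EDITOR)}


def blacklist_allows(image: bytes) -> bool:
    """Default allow: anything not matching a known-bad signature runs."""
    return fingerprint(image) not in BLACKLIST


def whitelist_allows(image: bytes) -> bool:
    """Default deny: only images whose hash is on the approved list run."""
    return fingerprint(image) in WHITELIST


def approve(image: bytes) -> None:
    """Change-control step: an approved update gets a new hash added."""
    WHITELIST.add(fingerprint(image))


def evaluate(images: dict) -> dict:
    """Return {name: (blacklist_verdict, whitelist_verdict)} for each image."""
    return {n: (blacklist_allows(i), whitelist_allows(i)) for n, i in images.items()}


if __name__ == "__main__":
    samples = {"editor": APPROVED_EDITOR, "patched editor": PATCHED_EDITOR,
               "known malware": KNOWN_MALWARE, "morphed malware": MORPHED_MALWARE}
    for name, (bl, wl) in evaluate(samples).items():
        print(f"{name:16s} blacklist={'run' if bl else 'block'} whitelist={'run' if wl else 'block'}")
```

The operational cost of the whitelist is visible in the patched editor: until `approve()` records the new build, a legitimate update is blocked, which is why whitelisting deployments need a change-control path for approved software.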