Application Control and Whitelisting
Aug 13, 2012
Application Control and WhitelistingApplication Control and Whitelisting, a cyber security solution, is a powerful tool to keep network and cyber security programs at their optimal level while reducing the overhead of security system updates. The solution helps combat viruses and malware from attacking control system platforms.
Integrated business and production systems require careful design and infrastructure to ensure selective access and security. While whitelisting solutions have been deployed in business IT environments for years, their introduction into automation control systems is relatively new. Honeywell worked with global end users to test and advance the application before launching this tool in their evolving cyber security arsenal.
Application Control and Whitelisting protects from unwanted intrusions by permitting only applications and executable files that are considered safe and on an “approved list” to run, while blocking everything else. It’s a manageable and scalable tool that is a good safeguard against some zero day intrusions – where defenders have no prior awareness of a vulnerability and can enable better change management and protection against unauthorized alterations to the system configuration.
Traditional cyber defense plans tend to emphasize the practice of blacklisting, in which applications known to be dangerous are placed on a “blacklist” and prevented from accessing the system. While this strategy is effective against most known threats, it fails to address the period of lag time between the generation of new threats and the recognition of them, during which time the system is vulnerable.
Whitelisting software operates in the reverse, allowing only applications authorized by system administrators to run on the system and blocking all others. Advancements in whitelisting demonstrate ways to quarantine unauthorized software upon discovery as well as to produce a file system inventory that can accelerate verification of software on a hardware platform. Thus, the vulnerabilities left by blacklisting alone can be addressed by system administrators and secured.
When used as an additional layer of protection to traditional blacklist anti-virus software, whitelisting provides value through eased integration, eased deployment, and enhancement to a process manufacturer’s overall cyber security strategy.
ISA Partner Spotlight
All contents copyright of ISA © 1995-2012 All rights reserved.