Intelligent Application Whitelisting

Michael Vizard

One of the concepts being floated around the RSA Conference 2010 this week is the need to develop an intelligent approach to whitelisting. The basic concept behind a lot of IT security is that we blacklist sites that are known to be malicious and we whitelist sites that are known to be safe. The 90 percent of all sites that fall between these two definitions would be somewhere in a gray area between black and white.

Because no one would know what to make of an idea called 'graylisting,' Lumension Security is pushing a concept called intelligent whitelisting. The basic idea is that security software should learn and keep track of not just what sites are safe, but specifically what pages within a given Web site are safe. We all know that the vast majority of public-facing Web sites are infected with malware, but not every page on every site is infected.

According to Ed Brice, senior vice president for global marketing at Lumension, whitelisting has been scorned by end users and security professional alike because it's a dumb, brute force approach to security. Lumension is advocating a new approach that combines frequent updating of whitelists with blacklisting inside the Lumension Endpoint Management and Security Suite.

At the core of this offering is a new rules-based engine that allows security managers to define more elastic policies that define more granularly in terms of what types of changes can be introduced into the overall environment.

Only time can tell if this approach will work, especially given Microsoft's misadventures with whitelisting in Windows Vista. But it's pretty clear that rigid security policies not only get in the way of productivity, they also wind up being circumvented by the end user. Maybe the time has come to try another more flexible approach that can still get the job done without driving everybody crazy in the process.

Add Comment      Leave a comment on this blog post
Jun 10, 2010 2:06 AM Paul Rosenberg Paul Rosenberg  says:
Greetings, I wanted to bring BluePoint Security to your attention. This product has already achieved what is being discussed in your post about Lumension. Bluepoint uses a unique cloud based application whitelisting approach coupled with a cloud AV scanner. It uses both a global whitelist and a local whitlist with very simple features that allow end users to whitelist applications they need but are not already recognized while silently protecting them from malicious code. I have the Personal Edition installed on hundreds of machines including medical offices, sleep labs and other critical production environments. I invite you to learn more at This product has made a huge difference for my customers and my computer service business. I would be happy to answer any questions too. Thanks. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.