Layer 8 considerations
Administrators trying to implement a whitelisting program across a large organization should make sure to have senior management's buy-in. Once you start taking away users' "freedom," the complaints will start coming. I've yet to see an administrator turn on enforcement mode, even after weeks of application inventorying, without some mission-critical application that escaped detection being temporarily interrupted. IT shops using application control must be immediately responsive to customer needs and requests.
One of the biggest unexpected side effects of using a whitelisting program in enforcement mode is lower support costs. Companies that are able to lock down desktops have significantly fewer troubleshooting events and rebuilds. Although some users will complain about their inability to install anything they like, the lockdown also means that users won't install nearly as much malware, and that, along with the savings in support costs, usually translates well to senior management.
Most companies will want to define emergency and ad hoc approval processes so that requested software can be whitelisted and allowed to run as quickly as possible. No one wants to tell the CEO that he has to wait a week for his new golf game or stock trading program to get approved. Some environments enable enforcement mode only on problematic users with a history of abuse, while running auditing mode for everyone else. Every company should create baselines from images and programs their users are supposed to be running, and use the whitelisting solution's reporting feature to track deviations and drift.
This review ranks the whitelisting programs based upon overall functionality, including the file types and operating systems they cover, accuracy and effectiveness against policy violations, administration (how hard was it to configure and manage), reporting (including alerting), and overall value. As noted above, all of the reviewed products performed well. There are many good choices here, and the real challenge is in picking a product that has the best feature set for your environment. One product, Bit9’s Parity, rose to the top and should be included in anyone's consideration list.
Read the individual reviews:
Bit9 Parity 5.0 shines brightest among whitelisting competitors with strong protection and useful risk metrics
CoreTrace Bouncer 5 provides first-rate application control with a few unique features
Lumension Application Control is a competitive product with a number of standout features and one significant omission
McAfee's whitelisting protection for Windows, Linux, and Solaris is short on shortcomings
SignaCert is great for monitoring compliance with application and configuration policies, but it lacks built-in blocking
Microsoft's AppLocker is limited compared to third-party options, but you can't argue with the price
This story, "InfoWorld Test Center review: Whitelisting security comes of age," was originally published at InfoWorld.com. Follow the latest developments in information security and endpoint security at InfoWorld.com.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Angular 3 will have better tooling and will generate less code; Google also is promising a new major...
The Trump team’s plan for the FCC would strip it of authority to champion consumer rights and combat...
Avoid the five resume writing mistakes most commonly seen in the IT Resume Makeover series ...
Thanks to Docker, container adoption has been huge. The benefits to developers have been, too. But the...
Windows 10 tip: Largely unchanged since Windows 7, the Reliability Monitor excels at jogging your...