Install the whitelisting program on a freshly built, known-clean host and let it snapshot the machine: it inventories every executable already present and generates the rules needed to allow that software to run. Take that baseline only from a host you trust, because whatever is already installed, malware included, becomes whitelisted. Then enable whitelisting protection, but in audit mode only, so nothing is blocked yet and every execution the policy would have denied is logged instead. Let it run for a week or longer, long enough to cover at least one patch cycle, and review the logs for items the whitelisting software would have blocked. Update your rules to cover the legitimate software you find, then switch from audit mode to full enforcement.
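The same rollout, written out for one concrete product. This is an added example, not code from the article, and it assumes something the article does not say: that the whitelisting program is the AppLocker built into Windows, run from an elevated PowerShell session on a known-clean reference host, applying policy to the local machine (add -Ldap to Set-AppLockerPolicy to target a domain GPO instead). The XML file names under $env:ProgramData are arbitrary choices for the example.

```powershell
# Added example: an AppLocker rollout following the article's steps.
# Assumptions: AppLocker is the whitelisting product, the session is elevated,
# the host is a clean reference build, and policy is applied locally.

# 0. AppLocker does nothing unless the Application Identity service runs.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 1. Snapshot the host: inventory executables, scripts and installers on the
#    system drive and turn them into rules. Publisher rules where the file is
#    signed (they survive version updates), hash rules for everything else;
#    -Optimize collapses files from the same signer into a single rule.
#    Dll is included for completeness; drop it if the audit log shows the
#    cost is too high for your environment.
$baseline = Get-AppLockerFileInformation -Directory 'C:\' -Recurse `
              -FileType Exe, Dll, Script, WindowsInstaller -ErrorAction SilentlyContinue
$auditXml = $baseline | New-AppLockerPolicy -RuleType Publisher, Hash `
              -User Everyone -Optimize -Xml

# 2. Turn protection on in audit mode only. New-AppLockerPolicy emits every
#    rule collection as EnforcementMode="NotConfigured"; AuditOnly means nothing
#    is blocked, but each execution the policy would have denied is logged.
$auditXml = $auditXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$auditXml | Set-Content -Path "$env:ProgramData\applocker-audit.xml" -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy "$env:ProgramData\applocker-audit.xml"

# --- let real users work for a week or longer before continuing ---

# 3. Review what the policy would have blocked. Event 8003 (EXE and DLL log)
#    and 8006 (MSI and Script log) are the audit-mode "would have been
#    prevented from running" events; 8004/8007 are real blocks once enforced.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL',
              'Microsoft-Windows-AppLocker/MSI and Script'
    Id      = 8003, 8006
} | Select-Object TimeCreated, UserId, Message | Format-Table -Wrap

# 4. Fold the legitimate findings into the policy. Read the list before you
#    approve it: anything you do not recognise is exactly what whitelisting
#    exists to stop. Out-GridView -PassThru gives a tick-box picker (needs a
#    desktop session); only the rows you select become rules.
$audited = Get-AppLockerFileInformation -EventLog `
             -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited
$addXml = $audited | Out-GridView -PassThru -Title 'Approve these for whitelisting?' |
            New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml
$addXml = $addXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$addXml | Set-Content -Path "$env:ProgramData\applocker-additions.xml" -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy "$env:ProgramData\applocker-additions.xml" -Merge

# 5. Enforce: flip AuditOnly to Enabled in the effective policy and reapply.
$enforceXml = (Get-AppLockerPolicy -Effective -Xml) -replace `
                'EnforcementMode="AuditOnly"', 'EnforcementMode="Enabled"'
$enforceXml | Set-Content -Path "$env:ProgramData\applocker-enforce.xml" -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy "$env:ProgramData\applocker-enforce.xml"

# 6. Sanity check before walking away: a signed OS binary must still be allowed,
#    and something that was never on the host must not be.
Test-AppLockerPolicy -XmlPolicy "$env:ProgramData\applocker-enforce.xml" `
    -Path 'C:\Windows\System32\notepad.exe' -User Everyone
```

Keep the audit period honest: the events only capture what people actually ran, so a week that misses the monthly reporting tool or the quarterly patch will leave a hole you discover the day you enforce. Step 4 is also where the approval process in the next section starts to matter; the cmdlets make adding a rule trivial, but deciding whether a given item belongs on the list is the part no script can do for you.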
Yes, you'll encounter a few bumps in the road and learn a few lessons, but you'll be on the path to truly secure computing while everyone else is twiddling their thumbs and wondering why they continue to be hacked.
The hard part: Updating the list
You'll need an approval committee that reviews new software addition requests. If you want a sustainable whitelisting initiative, that committee should be built for speed. If you can't approve most new requests within one or two days, don't start a whitelisting program. In fact, you'll need an effective fast-track process where someone can review and approve software on the spot -- or at least within one or two hours.
If you can respond with speed and prove it over and over, most of the people who claimed they were going to hate whitelisting will become fans.
Most -- but not all. Some will insist that the ability to try new software has become essential to productivity and they should be free to experiment however or whenever they like. In certain environments, that may be true.
But if you work in an organization that's been the victim of a breach or other major hack, I bet you'll find allies -- because whitelisting is the only preventive measure that truly works.
This story, "The one security technology that actually works," was originally published at InfoWorld.com, in Roger Grimes' Security Adviser blog.