1. Mitigating the growing range of internal and external threats your organization faces.
2. Stretching the limited resources you’ve been given for the job.
Why Whitelisting is Important
Whitelisting is an essential security discipline. It reduces risk by blocking unauthorized software, including malware, from being installed and executed. This effectively disrupts the cyber kill chain for many malware based attacks. In an increasingly consumerized tech world, people have become accustomed to accessing whatever apps and resources they want from the cloud. But their indiscriminate downloading can put your organization in peril. So you need to govern what they can and can’t access using either blacklists or whitelists.
The blacklist vs. whitelist debate is an interesting one. For the moment though, let’s assume that you’re a whitelister—which usually means that you have concerns about the completeness of blacklisting. With a whitelist approach you can better ensure that you are only allowing your people to access resources that are known to be both safe and useful.
Why Whitelisting is Hard
While whitelisting is wonderful conceptually, it can be difficult and time-consuming to execute correctly in the real world. There are three reasons for this:
- Apps change. Organizations used to depend on a limited number of apps that were only upgraded periodically. Today, we use more apps that get updated more frequently. And we adopt new apps much more often than we used to. This adds to the administrative work of maintaining accurate and appropriate whitelists over time.
- People change. Whitelists tend to be role-specific. So when someone’s role changes, their whitelist has to change, too. This further adds to administration. Plus, if you don’t make the right changes quickly enough, you can inadvertently limit their productivity in their new position for a while.
- Conditions change. In a mobile world, it has become appropriate to make whitelisting condition-contingent. You may, for example, want to allow access to certain apps when people are on-site—but disallow access when they’re not. Or you may want to whitelist an app only when it is being used on a secure connection, so it gets “de-whitelisted” when someone uses public Wi-Fi. This kind of policy definition and enforcement can also add administrative pain even as it delivers security gain.
The Solution: One-Pass, Context-Aware Whitelisting
RES solves the whitelisting problem in two ways:
- We provide a policy engine that makes it easy for you to capture whitelist baselines, link people’s whitelists to their roles as defined in your HR systems, define other whitelist parameters as appropriate (device, network connection, location, etc.), and enforce those policies.
- We integrate with continuous compliance and system security administration tools like IBM Endpoint Manager (previously known as BigFix) so you can use those tools to actually distribute and enforce whitelists across your environment. This integration allows you to leverage your existing management infrastructure and reduce your total cost of security administration. Better yet, it’s a two-way integration—so you can use your central RES interface to drive your distributed IBM Endpoint Manager environment and use the IBM Endpoint Manager dashboard to administer RES.
So if you want to more effectively secure your environment by better governing which services people can and can’t use—and you want to do it in an automated way that minimizes day-to-day manual administration—take a look at what RES can do for you. You’ll be safer and more efficient.