An Introduction to Whitelisting
Do you have corporate initiatives that require you to patch and run antivirus applications on your control system server and workstations? As with many of our customers, corporate IT groups determine requirements for all systems across the organization. This is all done with good intention but they often have little or no idea of what happens inside the industrial workspace.
Many times we work with organizations that have had the same systems in place for 10, 20, and even 30 years. This is understandable. These are extremely expensive and complex solutions that when built, were top of the line. To retrofit a million dollar batching line just because it is running Window XP is unnecessary. Especially when you spend all your money to update these systems and you still produce the same amount of product at the end of the day.
So, what can you do?
Application whitelisting is a solution that can be used to learn your software requirements and lock it down to prevent changes by rogue software, malicious attack, or even accidental change. With application whitelisting, you also no longer have a need for antivirus programs that consume precious CPU cycles and memory overhead. All the antivirus program is doing is blacklisting known bad files, but it has no idea that a zero day virus is bad. With whitelisting, it doesn’t matter, files are reviewed and approved or disapproved based on your established rules and setting. Any change to your files or programs that deviate outside your criteria will cause the system to automatically disallow access or use of the system. The altered file is no longer approved to be open or run.
So you’ve successfully implemented whitelisting and have blocked a necessary file. What happens next? Stay tuned.
By Marty Van Der Sloot