Whitelisting explained: How it works and where it fits in a security program

What is whitelisting?

Whitelisting is a cybersecurity strategy under which only pre-approved or trusted users, entities, or actions are allowed to operate on a system or network. Instead of trying to keep one step ahead of cyber attackers to identify and block malicious code, with a whitelist approach, IT security teams instead identify trustworthy agents, applications, and sources that are then pre-approved for access to a given system. Via whitelisting, trusted entities — such as software applications, email addresses, or IP addresses — are granted special access and privileges that other entities are denied by default.

Benefits of whitelisting

Because whitelisting is a denial-by-default approach to security, if implemented properly, it can keep many cybersecurity problems at bay. By preventing unauthorized access, whitelisting can greatly reduce the risk of malware infection and cyber intrusion, giving IT security teams strict control over what can run on or access systems within the enterprise.

Whitelisting can also be set up to provide security admins fine-grain control over access, and the approach simplifies security by enabling security admins to focus solely on monitoring approved entities, while reducing the amount of false positives that can come from traditional blacklist approaches.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button