The aptly-named Whitelisting approach to security ensures effective protection of different user categories and helps to solve a number of problems that are relevant today.
Boosting anti-virus performance
An application which is on the global Whitelist does not require regular checking by the security program. This helps to save system resources and improve the application’s performance, while at the same time minimizing the number of inquiry messages displayed to the user.
The Whitelisting database is enormous and is replenished daily with information about millions of new files. If no malicious code is detected, the programs are added to the database. Since 2009, Whitelisting technology has been successfully deployed in Kaspersky Lab’s home user products, i.e. Kaspersky Anti-Virus and Kaspersky Internet Security. With this technology, results from the checking of each individual piece of software are sent to the Kaspersky Network Security (KSN) cloud and become available to its users around the globe almost instantly.
Minimizing the cost of maintaining network security
In medium-sized and large businesses, a network administrator’s responsibilities typically include a broad range of security maintenance tasks. Quite often, one person services networks of several offices at the same time, which may affect the quality of security services provided. This in turn leads to a lower quality of network infrastructure protection and puts the entire business or businesses at serious risk.
In this situation, the system administrator’s job is made much easier by comprehensive solutions with a single management console and integrated multi-tier security tools such as Web Control, Device Control and Application Control.
The system administrator can then set up different network rules and policies and access the vendor’s databases, delivered via the cloud or stored locally on the endpoint. Network management becomes easier and less time-consuming thanks to ease of use, efficient rules and policies, and a flexible system.
Improving the efficiency of corporate resource usage
Nowadays, medium-sized and large businesses increasingly face the problem of employees using corporate resources for non-business related purposes, or corporate networks being inadvertently infected with a virus or a Trojan. These problems lead to additional equipment maintenance and network security costs.
Investigations of companies running corporate networks with more than 1,000 computers have demonstrated that up to 80% of all network traffic is non-business related, and up to 70% of employees’ working hours may be spent on non-business related activities. Non-production applications are run on more than 40% of all computers in a network.
Besides working, corporate employees often spend time in chat rooms, on social networks, visiting online stores and exchanging photos via web galleries, etc. Users also install and run applications on their work computers that are not related to their business activities. On average, 3 new applications are installed on a typical corporate network each day, including those that are forbidden by corporate security policies.
To address these problems, a new solution is needed that combines the advantages of a regular antivirus program with the latest technologies and provides simple and flexible management of all the applications installed on a corporate network. This is our new product based on Application Control and Whitelist technologies.
How it works
When run, an application is checked against the local whitelist database created by the system administrator. This type of database is strongly recommended, as corporate networks usually contain lots of applications.
If the application is not found locally, a request is sent to the global whitelist database located in the cloud. The request carries only metadata, not the application itself. The cloud-based database constantly receives data from all over the world, which makes it possible to learn more about almost any application.
After the check is completed, any relevant information is instantly sent back to the network, including file category, e.g. driver, operating system, browser, media, etc. As a result, the system administrator is automatically provided with external expertise about a previously unknown object.
The file is then marked as “allowed” or “forbidden”, according to the local network security rules set up by the administrator in Application Startup Control. Non-work-related applications such as games, media or social network clients can be blocked for all users or for a group of users only. The system administrator can also allow access to such applications according to a schedule.
This is an effective solution to the problem of non-productive use of corporate resources, and it also increases corporate network security, which in turn reduces technical support costs.
Protection from targeted attacks
When cybercriminals want to harm a specific company or an individual employee within that company, organized targeted attacks are often used. These attacks can do irreparable damage to a business.
Commonly, corporate security policies allow the execution of any code not identified as malicious. This also drastically reduces a company’s level of network security, making it vulnerable to targeted attacks and the actions of unwary users within the company.
The Default Deny tool is the most effective method of protecting against such occurrences as it prevents the launch and spread of malicious software. This tool is unique as it blocks the launch and execution of any objects which are not on the Whitelist and which have not been clearly identified as secure by the administrator, rather than allowing the execution of any code that is not identified as suspicious or malicious, as regular security products do.
To help system administrators handle the task of applying the Default Deny tool, Kaspersky Lab’s specialists have implemented a feature called the Golden Image. This contains a list of all the essential software needed for a computer to operate correctly.
The use of the Golden Image, the list of locally approved applications and the Whitelisting database in the cloud allows system administrators to create effective policies and rules that ensure network security and prevent targeted attacks.
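The launch check described under “How it works” and the Default Deny behaviour, sketched as an added example (not Kaspersky Lab code). The byte strings standing in for files, the categories, the group names and the lunch-hour schedule are all constructed, and a dictionary stands in for the cloud database.

```python
import hashlib
from datetime import time

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# All data below is constructed for illustration; byte strings stand in for files.
GOLDEN_IMAGE = {sha256(b"os-kernel"), sha256(b"office-suite")}  # essential software
LOCAL_WHITELIST = GOLDEN_IMAGE | {sha256(b"inhouse-crm")}       # admin-approved apps
CLOUD_DB = {sha256(b"web-browser"): "browser",                  # stand-in for the
            sha256(b"solitaire"): "games"}                      # global whitelist
KNOWN_MALICIOUS = {sha256(b"old-known-trojan")}                 # signature-style list

# Local rules: category -> {group: None (always) or (start, end) schedule}.
RULES = {
    "browser": {"*": None},
    "games": {"staff": (time(12, 0), time(13, 0))},
}

def cloud_lookup(file_hash: str):
    """Send only metadata (here the hash), never the file; return its category."""
    return CLOUD_DB.get(file_hash)

def default_deny(file_bytes: bytes, group: str, now: time):
    """Return (verdict, reason) for a launch attempt by a user in `group`."""
    h = sha256(file_bytes)
    if h in LOCAL_WHITELIST:
        return "allowed", "local whitelist"
    category = cloud_lookup(h)
    if category is None:
        return "forbidden", "unknown object"
    groups = RULES.get(category, {})
    if group in groups:
        window = groups[group]
    elif "*" in groups:
        window = groups["*"]
    else:
        return "forbidden", f"no rule allows '{category}' for {group}"
    if window is None or window[0] <= now < window[1]:
        return "allowed", f"category '{category}'"
    return "forbidden", f"category '{category}' outside schedule"

def default_allow(file_bytes: bytes):
    """The conventional policy: run anything not identified as malicious."""
    h = sha256(file_bytes)
    return ("forbidden", "known malicious") if h in KNOWN_MALICIOUS else ("allowed", "not flagged")

if __name__ == "__main__":
    for name in (b"inhouse-crm", b"solitaire", b"never-seen-tool"):
        print(name, default_deny(name, "staff", time(9, 0)), default_allow(name))
```

The never-seen binary is the case that separates the two policies: default allow runs it because nothing has flagged it, while Default Deny blocks it until it appears on a whitelist.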