An Analysis of Whitelisting Security Solutions and Their Applicability in Control Systems
Whitelisting is described by its advocates as "the next great thing" that will displace anti-virus technologies as the host intrusion prevention technology of choice. Anti-virus has a checkered history in operations networks and control systems: many people have horror stories of how they installed anti-virus and so impaired their test system that they simply couldn't trust deploying it in production.
While anti-virus systems detect "bad" files that match signatures of known malware, whitelisting technologies identify "good" executables on a host and refuse to execute unauthorized or modified executables, presumably because such executables may contain malware. This is a least privilege approach of denying everything that is not specifically approved.
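The contrast between the two models can be shown as an added example (not taken from the paper or from any product). It assumes that executables are identified by SHA-256 hash alone, and all file names and contents are constructed samples.

```python
import hashlib

def digest(content: bytes) -> str:
    """SHA-256 of a file's bytes; both policies key on this identity (assumption)."""
    return hashlib.sha256(content).hexdigest()

# Constructed baseline: approved executables recorded at commissioning time.
BASELINE = {
    "/opt/hmi/hmi.exe": b"hmi build 1",
    "/opt/hmi/historian.exe": b"historian build 1",
}
# Constructed stand-in for a file whose signature an anti-virus vendor has published.
KNOWN_MALWARE = b"sample with a published signature"

def build_whitelist(baseline: dict) -> set:
    """Hash every approved executable; anything else is denied by default."""
    return {digest(data) for data in baseline.values()}

def antivirus_allows(content: bytes, signatures: set) -> bool:
    """Signature model: execute unless the file matches a known-bad entry."""
    return digest(content) not in signatures

def whitelist_allows(content: bytes, whitelist: set) -> bool:
    """Whitelisting model: execute only if the file matches an approved entry."""
    return digest(content) in whitelist

def evaluate(requests: dict, signatures: set, whitelist: set) -> dict:
    """Return {path: (antivirus_decision, whitelist_decision)}."""
    return {
        path: (antivirus_allows(data, signatures), whitelist_allows(data, whitelist))
        for path, data in requests.items()
    }

WHITELIST = build_whitelist(BASELINE)
SIGNATURES = {digest(KNOWN_MALWARE)}
# Constructed execution requests covering the four interesting cases.
REQUESTS = {
    "/opt/hmi/hmi.exe": b"hmi build 1",                # approved, unmodified
    "/opt/hmi/historian.exe": b"historian build 1 X",  # approved path, modified bytes
    "/tmp/dropper.exe": KNOWN_MALWARE,                 # matches a published signature
    "/tmp/new_tool.exe": b"never seen before",         # unknown to both lists
}

if __name__ == "__main__":
    for path, (av, wl) in evaluate(REQUESTS, SIGNATURES, WHITELIST).items():
        print(f"{path:26} antivirus={'run' if av else 'block'} "
              f"whitelist={'run' if wl else 'block'}")
```

The modified and never-seen files run under the signature model and are blocked under whitelisting. The same rule blocks a legitimately patched executable until its new hash is approved.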
In this paper the Industrial Defender team performs an independent analysis of a variety of whitelisting solutions for their applicability to control systems. The paper closes with some recommendations related to this technology and areas for further research.
Author: Andrew Ginter, ISP, CIPS, CISSP, Chief Security Officer, Industrial Defender, Inc. | File Type: PDF