Take the Next Step with Application Whitelisting
Removing local administrator rights used to be the go-to move for locking down computers and was enough to stop employees from installing or running unapproved applications.
It seemed like an easy fix: Remove the ability to install and run software, remove the unauthorized apps.
Unfortunately, many programs don’t need local admin rights to install or run, which means users (and attackers) still can introduce unwanted or malicious software.
But don’t fret: There is a solution!
Application whitelisting is the next security step, but unfortunately, it’s not a simple solution like removing local admin access.
We’re going to tell you what application whitelisting is and why it’s important for your organization to implement.
What is Application Whitelisting?
Application whitelisting is when IT staff or a managed service provider approves software to run on your computers. It means if an app isn’t on the list (whether it’s a tool a hacker uses or a program your employee found online), it doesn’t work.
This is different from application blacklisting, which is a list of software that is not allowed to run. It only blocks known threats.
Whitelisting assumes all apps are dangerous except for the ones you authorize as safe, whereas blacklisting assumes all apps are safe except for the ones you specify are dangerous.
Application whitelisting is the best way to lock things down, but it’s also a big commitment compared to removing local admin.
Removing local admin is somewhat disruptive, as it could prohibit your employees from installing software they need to work. But as you can imagine, application whitelisting is extremely disruptive because that list of authorized apps needs to be constantly updated to ensure everyone can use the apps they need.
It requires diligence to ensure legitimate apps aren’t blocked. But it’s a great failsafe, as it protects your employees from installing and using potentially malicious software — unintentional or not.
It’s important to note: You must remove local admin rights before you can whitelist applications. They aren’t separate security practices; they go hand-in-hand.
Why is Application Whitelisting Important?
Application whitelisting solves two problems that removing local admin rights only partially solves:
- Stopping attackers, not just users: The real security risk isn’t just employees installing things they shouldn’t — though that is an added benefit — it’s what happens if an attacker gains access to their account. Without local admin access, they have fewer options, but they still can run harmful software in the background if it isn’t blacklisted.
- Keeping control over what’s running: Even without admin rights, your employees still can install and run some applications. That means you don’t always have full visibility into what’s on your network, which can create security and compliance issues.
Application whitelisting is the best way to lock things down, but it’s also a big commitment compared to removing local admin.
Is Application Whitelisting Right for You?
Want to block ransomware before it starts? Let’s talk. At the very minimum, you should remove local admin access, but implementing application whitelisting is another security practice to consider.
Contact us today to schedule a consultation, and let’s secure your business before the next threat hits.
Stay updated! Get tips and insights delivered to your inbox weekly by subscribing to our newsletter.
