Automated Software Blacklisting

One of the weakest links in most companies’ security processes is the timely patching of software on employees’ computers. While the rigor around timely patching is critical, it’s often complicated by a number of things: multiple operating systems, geographically dispersed workforces, and the time and resources needed to manually keep track of each endpoint’s software.

One approach to guarding endpoints against potentially malicious software and patches is blacklisting. Blacklisting is the tactic of identifying entities or applications that are known to put devices at a higher risk of a security breach and blocking those applications from being installed or updated. These include obvious things like viruses, spyware and other malware. The strategy is to block any application that is on the blacklist and allow everything else.

As employees increasingly use additional devices like mobile phones and tablets for both work and personal use, endpoint protection extends beyond workstations and servers. For instance, below is a list of the top 10 blacklisted mobile apps by companies in the U.S. and other countries (source: Fortune):

The benefit of this approach is it’s easy to manage and allows a broad range of other software to be installed depending on each employee’s business need. The drawback to blacklisting is the effort required to maintain an up-to-date list of malware programs. In 2017, there were 959 new specimens of malware identified per hour, or 16 per minute.

Whitelisting is the opposite approach that defaults to denying access to any application, user, IP address, email, service, or program that isn’t on an approved list. Administrators take into consideration each user’s role, business processes, and privileges, build an approved list, and deem everything else to be bad. Whitelisting is considered to be more secure, more accurate, and easier to customize. While whitelisting creates a simple and distinct perimeter that protects a network, it’s a massive undertaking to manage considering many users’ need for specialized software required for their job function.

As a cloud-based endpoint protection solution, Automox supports your security procedures by allowing you to enforce required software and remove blacklisted software that is downloaded without your permission or knowledge. Once you have deployed the lightweight agent across your infrastructure, you immediately have full visibility of the hardware and software configuration of every endpoint.

Using the Automox policy engine, you can create both required software policies and blacklist policies. Once created, you can quickly and easily apply specific policies to groups of endpoints, based on department, geography, or any other criteria you set.

And because Automox is cloud-based, it’s ‘self healing’ as well. Once a policy is active, each time it runs, it corrects any changes that have been made since the last time it ran. If someone deleted a piece of required software from their device, it will be reinstalled. Or if someone downloaded software that is blacklisted, it will be removed.
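The two decision models and the corrective policy run described above, as an added Python example. It is not Automox code or its API; the package names, sets and function names are constructed for illustration.

```python
def norm(name):
    """Normalise a package name so 'P2P-Client ' and 'p2p-client' compare equal."""
    return name.strip().lower()

# Constructed sample policy data (hypothetical package names).
REQUIRED = {"endpoint-agent", "disk-encryption"}
BLACKLIST = {"p2p-client", "legacy-remote-admin"}
WHITELIST = REQUIRED | {"office-suite", "web-browser"}

def is_allowed(name, blacklist, whitelist=None):
    """Blacklist mode allows by default; whitelist mode denies by default."""
    n = norm(name)
    if whitelist is not None:
        return n in whitelist
    return n not in blacklist

def plan(installed, required, blacklist):
    """Return the actions one policy run would take on a single endpoint."""
    conflict = required & blacklist
    if conflict:  # a package cannot be both enforced and banned
        raise ValueError(f"required and blacklisted: {sorted(conflict)}")
    have = {norm(n) for n in installed}
    actions = [("remove", n) for n in sorted(have & blacklist)]
    actions += [("install", n) for n in sorted(required - have)]
    return actions

def apply_plan(installed, actions):
    """Apply a plan to an inventory and return the resulting package set."""
    have = {norm(n) for n in installed}
    for verb, name in actions:
        if verb == "remove":
            have.discard(name)
        else:
            have.add(name)
    return have

if __name__ == "__main__":
    # Constructed inventory: the agent was deleted and two programs were added.
    laptop = ["P2P-Client ", "Disk-Encryption", "unknown-tool"]
    for pkg in laptop:
        print(pkg.strip(), is_allowed(pkg, BLACKLIST),
              is_allowed(pkg, BLACKLIST, WHITELIST))
    actions = plan(laptop, REQUIRED, BLACKLIST)
    print(actions)
    # A second run over the corrected endpoint has nothing left to do.
    print(plan(apply_plan(laptop, actions), REQUIRED, BLACKLIST))
```

The unlisted `unknown-tool` survives the blacklist run untouched, while the whitelist check rejects it; that difference is the trade-off between the two approaches.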

To learn more about Automox’s ability to manage your software needs, visit us online. Or to see us in action, sign up for our 15-day free trial. There is no endpoint limit and you’ll have full platform access. And you don’t need a credit card to sign up.
