The amount of new viruses, trojans and other malicious code, collectively known as malware, is exploding and becoming more specific and targeted. This is most evident by the many recently publicized data breaches, where retail point of sale (POS) systems have fallen victim to new forms of malicious code or hack attempts that attempt to siphon off sensitive cardholder information. It's all occurring as businesses face market pressures to serve customers in new ways and at a lower cost.
In light of these evolving dynamics, many businesses and their IT organizations are finding two words unavoidably part of the IT security vocabulary - Application Whitelisting. This technology is being presented as the panacea for sustaining compliance and system security without performance overhead. It is welcomed among retailers to help with protecting POS systems, and is quickly becoming a standard on other systems such as multifunction printers, ATMs, kiosks, and thin client computers.
While the "blacklist" model for security continues to be critical for many environments, the application whitelisting model is a fresh approach that is based on allowing only the known "good" code to execute on a system. IT organizations find this approach essential for systems with low CPU power and limited network connectivity. And while both models have their advantages, a recent Anti-Malware Certification test illustrates that application whitelisting is a highly-effective means of providing security with less overhead and performance impact.
Read this paper for more detailed information about this method.