
IT Insight: Embrace a Zero Trust/Application Whitelist


Zero Trust is a security framework requiring all users, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. The Zero Trust model is a service that will stop applications from being installed that are not approved. We are trying to take away the ability for applications to be installed by just anyone, whether the user or an imposter, by creating a “whitelist” of approved applications. Application whitelisting, or “app whitelisting,” allows only those applications that are included on this “safe” list.

How can a Zero Trust model benefit your company and make it more secure?

Utilizing a service that blocks unapproved software from running blocks malware and other unwanted software as well. Really, we are changing the Windows dynamic. For years, the Windows dynamic has been wide open for users to download and install anything they want on their devices, often in the business environment, on your business network. It is an open platform.

There are only a few steps to implement a Zero Trust model. The first thing to consider is taking away what are called local admin rights on all the PCs. Remember, the dynamic has been that Windows is wide open: you can do whatever you want in that Windows world, often with many people logging into their accounts with their own local administrative rights on their PC. Your users should not have that ability.

The second step will be to choose a service, such as a product called Threat Locker. Your IT professional installs that agent on your machine in “learning mode” for two to three weeks. That “learning mode” is going to learn all the software that is currently on your machine at that time, with the assumption that what is installed on your machine are the things that you need for your daily business. Those allowed programs will be “whitelisted” for you automatically. Whitelisting is a way to evaluate what software should not be there that could cause trouble to your infrastructure. The service is going to list everything that is on everybody’s machine, on a PC-by-PC basis.

At the end of the two-to-three-week period, the third step is to enable the agent.

At this point, everything that is installed on that machine is going to be allowed, and anything new cannot be installed without the approval of IT. We can assess at this point whether games, gambling software or coupon-generating software is necessary. If it is not company approved, it needs to go.
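The three steps above (learn, review, enforce), modelled as an added Python example that is not from the article or from any vendor's product. The `AllowlistAgent` class, its matching on a SHA-256 hash of the file contents, and the sample program names and bytes are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def digest(content: bytes) -> str:
    """Identify a program by the SHA-256 of its bytes, not by its file name."""
    return hashlib.sha256(content).hexdigest()

@dataclass
class AllowlistAgent:
    """Toy per-PC agent: learn first, then default-deny (hypothetical model)."""
    enforcing: bool = False
    allowed: dict = field(default_factory=dict)   # hash -> program name
    pending: dict = field(default_factory=dict)   # hash -> name, awaiting IT

    def on_execute(self, name: str, content: bytes) -> bool:
        h = digest(content)
        if not self.enforcing:
            self.allowed[h] = name      # learning mode: record, never block
            return True
        if h in self.allowed:
            return True
        self.pending[h] = name          # enforce mode: block, queue for review
        return False

    def revoke(self, h: str) -> None:
        """IT review of the learned inventory: drop unapproved software."""
        self.allowed.pop(h, None)

    def approve(self, h: str) -> None:
        """IT approves a blocked request; only a hash already seen is added."""
        if h in self.pending:
            self.allowed[h] = self.pending.pop(h)

def run_demo() -> dict:
    # Constructed sample programs: the byte strings stand in for file contents.
    agent = AllowlistAgent()
    agent.on_execute("accounting.exe", b"accounting v1")
    agent.on_execute("solitaire.exe", b"game")
    agent.revoke(digest(b"game"))       # review: not company approved
    agent.enforcing = True              # end of the learning period
    results = {
        "known app": agent.on_execute("accounting.exe", b"accounting v1"),
        "removed game": agent.on_execute("solitaire.exe", b"game"),
        "unknown program": agent.on_execute("unknown_tool.exe", b"other"),
        "webex before approval": agent.on_execute("webex.exe", b"webex"),
    }
    agent.approve(digest(b"webex"))
    results["webex after approval"] = agent.on_execute("webex.exe", b"webex")
    # A trusted file name with different bytes is still blocked.
    results["same name, new bytes"] = agent.on_execute("accounting.exe", b"changed")
    return results
```

The last case also shows why a legitimate software update can trigger an approval request under hash-based matching: the new version's bytes are not yet on the list.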

The upside is that no hacker or imposter can install anything either. It is the ultimate protection from any kind of ransomware, malware, a breach, or phishing attack that installs something on your machine. These will be prevented automatically.

What could be the downside? The biggest downside is that if you need to run something immediately, with the most common scenarios being “I need to do this WebEx” or “I need GoToMyPC” because you are talking to a vendor, you may have a brief period where you are waiting to get approved for that software. There are things that can be done if you use WebEx or GoTo Meeting, which can be approved ahead of time. The other downside is that you will need a support infrastructure, coming from your Managed Service Provider or from somebody inside your company, that can quickly and responsibly say, “Yes, I am going to approve that. I see the software. I get that it is a normal piece of software for your daily use and I’m going to say yes to it.” Or they may say, “Why are you trying to install that? Or was that you?” You do need a support infrastructure and a policy in place to make this work effectively.

Combined with your cyber insurance, Zero Trust Security provides depth to your security. The Zero Trust model of defense helps to protect your critical assets and, combined with your current cyber insurance plan, reduces risk to your business.

Managed Detection and Response (MDR) is a higher level of cyber security framework provided through PCG. MDR is a step up from typical cyber hygiene. This higher level of cyber security will target what your business needs to do for compliance such as sending monitoring of all your logs. MDR will add Threat Locker, which provides app whitelisting or the Zero Trust model. With MDR you will get more management, a detailed look at those logs, and priority responses to issues that are security related. We will touch on this at another time.

For more information on all levels of protection for your business network, contact PCGiT - Comprehensive Managed IT and Security Services, tailored to your business.

JoAnn Hodgdon is vice president and co-founder of Portsmouth Computer Group (PCGiT) with her husband David. PCG provides comprehensive managed IT services, business continuity, security, cloud computing and Virtual CIO services to their clients. You may reach her at joann@pcgit.com or at www.pcgit.com.