Despite continuing debate over whether blacklisting or whitelisting software is better for securing endpoints, the merits of the two approaches are relatively clear for fixed function devices. This is because devices, such as point-of-sale (POS), medical equipment, industrial control systems and aeronautical systems, generally run a pre-defined set of applications. This attribute favors whitelisting when the main objective is protecting the device, as in neutralizing malware. When it’s necessary to protect a device against infected data – at rest or in transit – blacklisting is needed to find the viruses and counteract them. Here are some simple definitions to level set this discussion:
Blacklisting, also referred to as anti-virus (AV), is a traditional security approach that blocks, and often eradicates, malicious code or data containing a known or suspicious character string documented in a regularly updated malware signature file (i.e., blacklist).
Whitelisting maintains a carefully controlled list of permitted, trusted code (i.e., whitelist), which is allowed to execute, while unknown or unauthorized software is prevented from running.
With cyber attacks escalating and dangerous Stuxnet-class threats on the rise, the security posture of fixed function devices is a growing concern for IT managers. Whitelisting, though not as widely used as blacklisting, provides some significant security and cost advantages. This solution brief compares these two endpoint security software options and suggests how IT managers can stipulate security requirements in requests for proposal (RFP) for fixed function devices or seek out devices with robust security solutions. Supporting both whitelisting and blacklisting models, McAfee* Embedded Control, along with Intel vPro™ technology, enables industry leading security protection and remote management.