Is Whitelisting a Good Security Practice?

Whitelisting has been for sure a relatively standard and sometimes as a hardening security measure but it depends how we implement and maintain it and where it is initially enforced. 

Whitelisting could be against you if setup at the wrong spot or with inadequate supportive elements. I highly recommend whitelisting behavior rather than whitelisting elements like applications, IP addresses, emails, domains, users… 

One of the most obvious negative usage of whitelisting is where we unintentionally give more opportunity to file-less malware attacks and all sort of insecurities around anything whitelisted among operating system without being supported by enough factors and elements of validation. This is simply when we rather focus on behavior than solely origination of a file for example. 

Blind whitelisting, that what I call when we just filter based on one factor, is highly prone to be defeated. It is vulnerable to forgery and easily bypassed because there is no support. File-less malware heaven is actually a traditional whitelisting approach. 

What is so effective and almost undefeatable is behavioral whitelisting where we filter a set of elements even considering order of execution. For your information, almost all EDR solutions in the market currently either lacking behavioral whitelisting, or they solely rely on traditional one-stop whitelisting which is really dangerous and totally against the nature of an EDR.

By Kaveh Mofidi

I find simple solutions for huge and complicated problems. I believe information security and computers in general are fun to deal with, but our problems are way bigger than securing information. The real deal is to find solution for unlimited clean energy, drinkable water, mitigate root cause of hunger, war, and injustice...We need to keep our planet livable, that is our real problem on the Earth! Contact me with any question or comment: