What is application blacklisting?

Block Threats With Application Blacklisting

Application security breaches are one of the most common cyber threats companies face. Malicious actors can use vulnerabilities in one of the many applications an organisation uses to get past their cyber security defences and access their network. Application blacklisting, also often called application blocklisting, is the process of implementing security measures that prevent particular software from being installed on a company’s network and devices.  

Blacklisted applications could be programs with known vulnerabilities that are frequent targets for hackers. Better yet, an application blacklist can prevent malware itself from infecting your IT infrastructure, whether through installation by cybercriminals or accidentally by company employees. Subsequently, blacklists are a fundamental part of application security and an excellent way of reducing cyber risk within an organisation.  

With this in mind, let’s look at application blacklisting, how it works, and how it helps improve your company’s cyber security. 

Why is application blacklisting important? 

Application blacklisting is important because it offers a method of automated control over which software can be installed on your company’s network. Instead of security teams having to respond to each individual instance of a user installing a restricted application, a blacklist pre-emptively prevents its installation altogether. Subsequently, application blacklisting is an automated risk management strategy that then frees security teams to spend more time mitigating other cyber threats. 

Another essential reason to implement application blacklisting is to reduce the presence of shadow IT, i.e.,  employees installing applications without their IT department’s permission or awareness. This is a risk for companies as users can install applications containing known vulnerabilities, and as IT isn’t aware of the application, they can’t monitor it – increasing the risk of a data breach or malware infection.  

Benefits of application blacklisting 

Stops malicious applications from entering your IT infrastructure 

If known malicious software is added to the blacklist, it will prevent its installation, mitigating that threat. Similarly, blacklisting applications with known vulnerabilities, like backdoors, prevents them from later potentially being infected with malware.  

Prevents unauthorised access 

On a similar, with fewer vulnerable programs on your network, malicious actors won’t be able to take advantage of those flaws to gain access to your company’s data and digital assets. 

Limits distractions 

Studies have shown that distractions in the workplace cost the US economy alone $650 billion annually. Social media applications and other distracting websites significantly contribute to this, with employees spending 12% of their working hours on sites like YouTube and Facebook. Blacklisting such applications makes your employees less prone to distraction and helps increase their productivity.   

How does application blacklisting work? 

Application blacklisting works through the use of a blacklisting tool or solution, which maintains the list of programs that users can’t install on the company network. Each application has an associated digital signature that distinguishes it from other software. If the blacklisting tool detects this signature as the program attempts to execute, it will prevent it from doing so.  

An antivirus solution works in a similar way to prevent the installation of known malicious applications. As well as storing the signatures of known malware, the antivirus program’s database also holds heuristics, i.e., behavioural characteristics indicative of viruses, ransomware, worms, etc.  

Additionally, for more granular control, an effective blacklisting tool allows your security teams to create custom user groups with different configurations. That way, employees whose roles necessitate they be able to run specific blacklisting programs retain their access privileges while restricting installation for the rest of the company.  

Conversely, when it comes to blacklisting web applications, this can be handled by a firewall with DNS-based restriction capabilities and/or a web filter. A firewall will block web applications based on their domain or IP address. Firewalls also block suspicious traffic, further reducing the chance of a malicious application finding its way onto your network. A web filter supports a firewall in blacklisting web applications by blocking them by their URL. That way, if a web application has a dynamic IP address, it won’t slip past the firewall and still be accessible by employees.   

Application whitelisting vs blacklisting 

Application whitelisting is an alternative approach to blacklisting where security teams maintain a list of authorised applications instead of restricted ones. With application whitelisting, if an application isn’t on the list, it won’t be able to run on the company’s network.   

Now, the advantage of application whitelisting vs blacklisting is that you don’t have to explicitly specify an application for it to be restricted. The whitelisting tool will check the application’s signature and automatically prevent it from executing if it’s not a listed application. This effectively prevents the installation and spread of malware, as it doesn’t have to have a known signature to be blocked.  

Conversely, despite being more secure, application whitelisting is more administratively expensive than application blacklisting. This is because an employee will have to request permission to install an application not on the whitelist. This typically involves contacting their IT helpdesk, who’ll determine the security status of the requested application and add it to the whitelist if it’s not deemed a threat. That said, however, security teams can maintain a whitelist far more efficiently if their whitelisting solution makes use of pre-existing policy templates, which contain whitelists based on prior threat intelligence.  

Applications your company should blacklist 

Adobe Flash Player 

Although Adobe’s Flash Player was a cornerstone of surfing the web in the early days of the world wide web, today, it’s most famous for being an application with lots of security vulnerabilities. Because it was deployed in practically every web browser, Flash was a popular target for cybercriminals and, subsequently, one of their most common attack vectors. Thousands of CVEs (common vulnerabilities and exposures) were discovered in Flash over time, and Adobe struggled to keep up in developing fixes – leading to its discontinuation.  

As a result, the latest generation of versions of browsers (Chrome, Firefox, Edge, etc.) doesn’t have Flash installed. If any device on your company’s network still contains Flash, uninstall it immediately. 

Apple iTunes for Windows 

Ironically, Steve Jobs never wanted iTunes to be developed for Windows, as it consistently features on lists of the most vulnerable applications. The key reason for this is that Windows’ version of iTunes is notoriously buggy: a fact exploited by hackers for years. Worse, it’s common knowledge that iTunes users often neglect to install the updates designed to fix its many vulnerabilities, making them a common target for malicious actors. Additionally, iTunes used to be bundled with Apple QuickTime, another well-known cyber security risk, putting unsuspecting users in twice the danger.  

Microsoft Office 2007  

Companies are often reluctant to replace productivity software like Microsoft Office, as they want to avoid the growing pains of their workforce getting to grips with the updated version. When it comes to Microsoft Office 2007 in particular, Microsoft officially stopped offering support for it in October 2017. This means they’ll be no more critical security updates for it, and any further CVEs will not be addressed. So, if you’re still using Office 2007, stop doing so immediately – and scan your network for intrusions to mitigate potential threats already within your IT ecosystem.  

How can RiskXchange help you prevent security threats? 

RiskXchange’s attack surface risk assessment will highlight which applications in use within your company’s IT infrastructure pose a security risk. From there, we’ll help create a comprehensive application blacklist that will help mitigate a wide range of cyber threats. Contact us to start reinforcing your company’s application security.