Whitelists, Blacklists and Web isolation. What are the differences between these 3 security approaches?
Both whitelists and blacklists restrict and regulate access to corporate resources and information systems but each security practice follows a different logic.
Blacklists are collections (lists) of pages or content believed to be harmful and therefore blocked.
In other words: what is bad is blocked, and the rest can pass. This has been, and still is, the basis on which antivirus software works.
However, the greater the sophistication and variety of threats, the less efficient these solutions are:
- Blacklists are efficient only against known threats. If a threat has not been previously “marked or identified” as bad, it will make it through.
- To avoid this, databases must be kept up to date. Twenty years ago, when hackers were simply amateurs, updating databases was an easy task, but nowadays there are 350,000 new pieces of malware registered every day, making updates far more difficult to manage. On top of that, outdated blacklists may lead to false negatives.
Unlike blacklists, whitelists follow what is called a “default deny” model. That is, only what has been previously entered in the list can be executed. Everything else is blocked. The main disadvantages of whitelisting are the following:
- They require constant updating: whitelisting is a valid solution only for “static” environments that do not change much over long periods of time.
- Whitelists offer more protection than blacklists because of their more conservative approach: it is easier to let only a few things pass than to stay up to date blocking every new threat. The downside is how easy it is to fall into over-blocking policies, that is, establishing a massive blockade as a preventive measure. Measures of this type generate frustration among employees and overwhelm IT departments with support tickets requesting URL reclassifications. Finally, we cannot forget the false positives generated by these solutions and the loss of employee productivity.
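An added illustration, not part of the original article: the blacklist and whitelist models described above written as URL filters and run over a small constructed traffic sample, showing the blacklist's false negative on an unlisted threat and the whitelist's false positive on an unreviewed legitimate site. All hostnames, list contents and function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed lists; every hostname is a placeholder under the reserved .example TLD.
BLOCKLIST = {"malware.example", "phish.example"}
ALLOWLIST = {"intranet.example", "docs.example"}

# Constructed (url, is_malicious) pairs, labelled by hand for this illustration.
TRAFFIC = [
    ("https://intranet.example/wiki", False),
    ("https://cdn.docs.example/a.js", False),
    ("http://malware.example/dropper", True),
    ("https://new-threat.example/login", True),   # not yet on any blacklist
    ("https://supplier.example/invoice", False),  # legitimate, never reviewed
]

def host_of(url):
    """Lower-cased hostname without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def listed(host, entries):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in entries)

def blacklist_allows(url):
    # Default allow: only listed hosts are blocked.
    return not listed(host_of(url), BLOCKLIST)

def whitelist_allows(url):
    # Default deny: only listed hosts pass.
    return listed(host_of(url), ALLOWLIST)

def evaluate(allows, traffic):
    """Return (false_negatives, false_positives) as lists of URLs."""
    false_neg = [u for u, bad in traffic if bad and allows(u)]
    false_pos = [u for u, bad in traffic if not bad and not allows(u)]
    return false_neg, false_pos

if __name__ == "__main__":
    policies = (("blacklist", blacklist_allows), ("whitelist", whitelist_allows))
    for name, policy in policies:
        missed, over_blocked = evaluate(policy, TRAFFIC)
        print(f"{name}: missed threats={missed} over-blocked={over_blocked}")
```

Matching on the dot-separated suffix rather than a raw substring keeps a lookalike host such as `docs.example.attacker.example` from passing the whitelist.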
How does web isolation fit in with all this?
Unlike whitelists or blacklists, web isolation distrusts everything. Making no distinction between good and bad is the key to its success. By distrusting all content, protection is guaranteed even when something legitimate is hijacked or when hackers launch new forms of attack, no matter how innovative and different they are.
In addition to “neutralizing” any type of risk, web isolation also allows users to access all content, even what was traditionally considered dangerous. This not only reduces the costs of monitoring, compiling and constantly updating lists, but also increases employee productivity and frees IT employees to focus on more strategic tasks.