Internet content filtering: is the white list viable?
When it comes to filtering Internet content, whitelisting is an approach of growing interest to CIOs and CISOs (Chief Information Officers), thanks to the very high level of security it will provide against the growing sophistication of ransomware and other cyber attacks.
In fact, as the ANSSI (Agence Nationale de la Sécurité des Systèmes d'Informations) explains in its cybersecurity best practice guides, working in "whitelist" mode enables network and application flows to be controlled by authorizing only those recognized and qualified in advance. A whitelist contains all websites and applications (internal URLs or SaaS) to which browsing is authorized.
The white list is a real innovation in Internet filtering
With the explosion in the number of e-mail attacks and frauds, particularly phishing, it is becoming increasingly complex to filter Internet content to detect potential threats in good time. With more than 2.6 million emails exchanged worldwide every second, and the widespread use of HTTPS protocol for websites, many attacks are now "hiding" in encrypted web flows, and are more difficult to detect...
The real question here is: should we try to detect everything? Because the time lapse between a user clicking on a link to download a file from the web containing a threat is getting shorter and shorter... It is in this sense that whitelisting is a real innovation today for protecting your information system from cyber threats, even if it has existed in principle for a long time, since it will refuse any network flow to an unknown web site or an unauthorized SaaS application.
Working in whitelist mode to filter Internet content considerably reduces the attack surface and exposure to growing threats. The example of the massive hack by the CCleaner tool in August 2017 is moreover interesting since it managed to infect more than 700,000 computers worldwide and among them companies such as Google, Microsoft or Samsung. Only companies that operated on an application whitelist were able to protect themselves effectively, as few companies had finally integrated it into their "blacklist".
Unlike the white list, the black list contains all the sites and applications to which browsing is prohibited. While this can be effective in terms of filtering Internet content to prevent employees from surfing prohibited sites, it can never be exhaustive at the speed at which the Internet is evolving, with dozens of new URLs being created every second. Cybercriminals know this, and now use ephemeral URLs created on the fly, which only the whitelist is capable of filtering... The effectiveness of the whitelist in terms of cybersecurity is therefore clearly better than the blacklist.
The white list is indispensable for Internet filtering in certain sectors:
Certain organizations require advanced cyber security protection, such as the "Opérateurs d'Importance Vitale" or "OIV", which are supported by the ANSSI. For these organizations, whose activities are vital to the essential needs of the population and even to the security of the nation, Internet content filtering must be beyond reproach in order to rule out any risk of cyber threat, and only the white list is capable of providing this high level of security.
In addition to IVOs, the whitelist is also essential for filtering Internet content in the educational activities of the national education system, if we are to be able to guarantee virtually zero risk for our children. Schools and colleges can filter and block all websites except those on the authorized white list.
In order not to be an obstacle to business, the list must be of the highest quality.
The risk of a whitelist that is not sufficiently up to date and therefore too restrictive, is to slow down an organization's efficiency or even degrade its productivity, or worse, to encourage risky circumvention behavior on the part of certain users...
The whitelist that manages Internet content filtering therefore needs to evolve constantly. That's why this has always been our priority at Olfeo, where we've been building our qualified database of authorized URLs and SaaS applications for over 15 years. Today, our whitelist is recognized on the market for its excellent web recognition rate of around 98% on first installation.
We have also decided to share our know-how by offering this database as an OEM contract represented by the Quatily brand.
Companies and public authorities now have the opportunity to authorize only those flows that are truly secure, and drastically reduce their level of risk in the face of cyber threats. For the remaining 2% of flows, it's necessary to interact with the user to make them aware of their responsibilities, and to manage any overruns, as we do with our web security gateway.
Taking more account of the human factor is essential to improving Internet content filtering strategies
The human factor remains at the heart of web security concerns. Behaviors are not evolving as quickly as IT Departments would like, and cyber attacks now systematically target end-users: ransomware spreads as part of massive phishing operations whose aim is to generate a click on malicious URLs before the IT Department has had time to filter, analyze and react.
Everything is moving very fast these days, and the real challenge in the years to come is to raise end-user awareness through pedagogically-oriented training initiatives, so that they change their behavior on a daily basis... CIOs are well aware of this, and are now seeking to transform the user into a proactive element of security!
This is in line with Olfeo's positive security approach, because while it's often said that in terms of cybersecurity, the problem lies between the chair and the keyboard, we at Olfeo consider that it's rather an under-exploited means of protection!