
Internet content filtering: is whitelisting viable?


When it comes to filtering internet content, whitelisting is an approach that is attracting increasing interest from CIOs and CISOs (Chief Information Officers and Chief Information Security Officers) thanks to the very high level of security it provides against increasingly sophisticated ransomware and other cyberattacks.

As explained by ANSSI (the French National Cybersecurity Agency) in its cybersecurity best practice guides, working in "whitelist" mode allows you to control network and application traffic by only allowing recognized and pre-qualified traffic. A whitelist therefore contains all the websites and applications (internal URLs or SaaS mode) to which navigation is authorized.

The whitelist is a real innovation in internet filtering.

With the explosion in the number of email attacks and fraud, particularly phishing, it is becoming increasingly complex to filter internet content in order to detect potential threats in time. With more than 2.6 million emails exchanged worldwide every second and the widespread use of the HTTPS protocol for websites, many attacks are now "hidden" in encrypted web traffic and are more difficult to detect.

The real question in this case is: should we try to detect everything? After all, the window between a user clicking on a link and a file containing a threat being downloaded from the web is getting shorter and shorter. It is in this sense that whitelisting is a real innovation today for protecting information systems from cyber threats, even though it has existed in principle for a long time: it refuses any network traffic to an unknown website or an unauthorized SaaS application.

Operating in whitelist mode to filter internet content significantly reduces the attack surface and exposure to growing threats. The massive hack carried out through the CCleaner tool in August 2017 is a particularly interesting example: it infected more than 700,000 computers worldwide, including those of companies such as Google, Microsoft, and Samsung. Only companies that operated in application whitelist mode were able to protect themselves effectively, as few companies had ultimately included it in their "blacklist."

Unlike a whitelist, a blacklist contains all the websites and applications that are prohibited from being accessed. While this can be effective for filtering internet content to prevent employees from surfing prohibited sites, it can never be exhaustive given the speed at which the internet evolves, with dozens of new URLs created every second. Cybercriminals know this and now use ephemeral URLs created on the fly that only the whitelist is capable of filtering. The whitelist is therefore significantly more effective than the blacklist in terms of cybersecurity.

The whitelist is essential for internet filtering in certain sectors:

Certain organizations require advanced cybersecurity protection, particularly Operators of Vital Importance (OIVs), which are supported by ANSSI. For these organizations, whose activities are essential to the basic needs of the population and even to national security, internet content filtering must be flawless in order to eliminate any risk of cyber threats, and only whitelisting can provide this high level of security.

Beyond OIVs, the whitelist is also essential for filtering internet content in national education activities if we want to be able to guarantee virtually zero risk for our children. This allows schools, middle schools, and high schools to filter and block access to all websites except those included in the authorized whitelist.

To avoid hindering business, the list must be of very high quality.

The risk of a whitelist that is not sufficiently up to date and therefore too restrictive is that it slows down an organization's efficiency and even reduces its productivity, or worse, encourages certain users to engage in risky circumvention behaviors...

The whitelist that manages internet content filtering must therefore be constantly updated. That is why this has always been our priority at Olfeo, where we have been building our database of authorized URLs and SaaS applications for over 15 years. Today, our whitelist is recognized in the market for its excellent web recognition rate of around 98% on first installation.

We have decided to share our expertise by offering this database under an OEM agreement represented by the Quatily brand.

Companies and public authorities now have the option of only allowing traffic that is deemed truly secure, thereby drastically reducing their exposure to cyber threats. For the remaining 2% of traffic, users must be engaged to make them more responsible, potentially managing overrides as we do in our web security gateway.

Taking greater account of the human factor is essential to improving internet content filtering strategies.

The human factor remains at the heart of web security concerns today. Behavior is not changing as quickly as IT departments would like, and cyberattacks now systematically target end users: ransomware is spreading through massive phishing operations designed to generate clicks on malicious URLs before IT departments have time to filter, analyze, and respond.

Everything is moving very quickly now, and the real challenge for the coming years will be to raise awareness among end users through educational training initiatives designed to change their everyday behavior. CIOs are aware of this and are now seeking to transform users into proactive contributors to security!

This is in line with Olfeo's positive security approach, because although it is often said that in terms of cybersecurity, the problem lies between the chair and the keyboard, at Olfeo we believe that this is actually an underutilized means of protection!
