Visible to the public Prevention of Ransomware Execution in Enterprise Environment on Windows OS: Assessment of Application Whitelisting Solutions

TitlePrevention of Ransomware Execution in Enterprise Environment on Windows OS: Assessment of Application Whitelisting Solutions
Publication TypeConference Paper
Year of Publication2018
AuthorsTuraev, H., Zavarsky, P., Swar, B.
Conference Name2018 1st International Conference on Data Intelligence and Security (ICDIS)
Date Publishedapr
ISBN Number978-1-5386-5762-1
Keywordsadministrative privileges, application control solutions, application whitelisting software, Application Whitelisting Solutions, AppLocker, authorisation, blacklisting, business data processing, CodeShield, composability, cryptography, data breach prevention, Databases, enterprise environment, invasive software, malicious files, Malware, Metrics, Microsoft Windows (operating systems), Organizations, pubcrawl, ransomware, ransomware execution prevention, Resiliency, SecureAPlus, Signature based, Trusted Computing, unauthorized applications, virtual environment, VoodooShield, whitelisting, Windows edition, Windows Operating System Security, Windows OS, Windows Server edition, zero-day antimalware solution

Application whitelisting software allows only examined and trusted applications to run on user's machine. Since many malicious files don't require administrative privileges in order for them to be executed, whitelisting can be the only way to block the execution of unauthorized applications in enterprise environment and thus prevent infection or data breach. In order to assess the current state of such solutions, the access to three whitelisting solution licenses was obtained with the purpose to test their effectiveness against different modern types of ransomware found in the wild. To conduct this study a virtual environment was used with Windows Server and Enterprise editions installed. The objective of this paper is not to evaluate each vendor or make recommendations of purchasing specific software but rather to assess the ability of application control solutions to block execution of ransomware files, as well as assess the potential for future research. The results of the research show the promise and effectiveness of whitelisting solutions.

Citation Keyturaev_prevention_2018