What is Application Orangelisting?

Application orangelisting takes action on applications that you have not explicitly trusted. It allows potentially trusted applications to run securely in your environment in an attempt to mitigate exposure to malware.

Orangelisting is a dynamic method of managing applications that might not be included on a whitelist or the blacklist. Orangelisting allows potentially trusted applications to run securely.

Arellia's Application Control Solution allows you to manage applications flexibly in a large, distributed client environment by putting:

  • Known trusted applications in a whitelist
  • Potentially trusted applications in an orangelist (also known as a graylist)
  • Everything else in a blacklist

You can utilize a second attribute from the preceding list for whitelisted applications that will fall out of the whitelist range and into the orangelist. Furthermore, applications that are whitelisted can also be added to the orangelist. Oftentimes, unknown software will fall between black and white, which is where an orangelist approach makes sense.

Instead of putting an unknown application into an automatic blacklist, you can apply a flexible policy that includes one or more of the following actions:

  • Running with demoted privileges
  • Running read-only
  • Notifying end users of corporate policy
  • Running in a virtual layer
  • Targeting internet-facing applications

By limiting an application’s impact on the operating system and other software, end users can use a piece of software while IT reviews it for blacklisting or whitelisting at a later date. At that later date the software could be permanently allowed, denied for risk or legal reasons, or moved to a permanent orangelist.

Orangelist: Potentially trusted applications need to run, but with fewer rights.

Orangelisting by Trusted Location

Most software environments are dynamic, resulting in situations that are not necessarily black and white. Many whitelisting solutions automatically blacklist any software that isn’t in a whitelist. While this is achievable with Application Control Solution, Arellia’s experience has found that this approach results in denials of service and angry users. To protect against a changing environment, the concept of orangelisting (also known as graylisting) should be used for applications that are potentially trusted, but not in a whitelist.

Orangelists should target trusted software on a dimension different from the one the whitelist uses. One approach could be to trust software from certain vendors, certain digital signatures, or certain locations.

Orangelist policies have actions other than allowing or denying execution. Orangelist policies are a dynamic mitigation against potential threats, and that’s where zero-day protection comes into play.
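The three tiers and the trusted-location dimension described above, as an added example (not Arellia's policy engine or configuration format). The hash, signer name, locations and action names are constructed placeholders, and `signer` is assumed to come from a signature the caller has already verified.

```python
import ntpath

# Hypothetical policy data, constructed for illustration.
WHITELIST_SHA256 = {"a" * 64}                  # known trusted binaries, by hash
ORANGE_SIGNERS = {"Example Software Ltd"}      # potentially trusted vendors
ORANGE_LOCATIONS = [r"C:\Program Files", r"\\fileserver\apps"]
ORANGE_ACTIONS = ("demote_privileges", "notify_user")


def _norm(path):
    # Collapse "..", mixed separators and case so a prefix test cannot be
    # fooled by "C:\Program Files\..\Users\x\tool.exe".
    return ntpath.normcase(ntpath.normpath(path))


def in_trusted_location(path):
    p = _norm(path)
    for root in ORANGE_LOCATIONS:
        # Match on a directory boundary, not a bare string prefix, so
        # "C:\Program Files Evil" does not inherit trust.
        if p.startswith(_norm(root) + "\\"):
            return True
    return False


def classify(sha256, signer, path):
    """Return (list_name, actions) for one launch attempt."""
    if sha256 in WHITELIST_SHA256:
        return "white", ("allow",)
    # Orangelist on a different dimension than the whitelist:
    # verified signer or trusted location instead of exact hash.
    if signer in ORANGE_SIGNERS or in_trusted_location(path):
        return "orange", ORANGE_ACTIONS
    return "black", ("deny",)
```

Path normalization here is lexical only; it does not resolve symbolic links or junctions, which a location rule on a real endpoint also has to account for.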

Orangelisting actions:

...
