Browse Definitions:
Definition

behavior whitelisting

Contributor(s): Matthew Haughn

Behavior whitelisting is a security method in which permissable actions within a given system are specified and all others are blocked. The method may be conducted through security software or the addition of whitelisted exceptions to a behavior blacklist.

Behavior whitelisting is used to secure websites, services and forums from bots and hackers, computers from malware and hacking attempts and email from spam and phishing attempts. Whitelisting is also used in the breach detection systems (BDS) protecting networks.

The two traditional ways of blocking spam are are content-based filtering and IP-based blacklisting. These methods are becoming less effective as spammers find ways to get around them. Blocking all behavior not on a whitelist can provide very effective security. However, it requires knowledge of what tasks and communications a system will need to perform and must be adjusted when these requirements change.

Whitelisting behavior can also be very effective in spam prevention. The method works well when the types of email sent and received are not so varied and unpredictable as to be outside of a whitelist, causing false positives. Formal email procedures can facilitate whitelisting behavior. Whitelisting commonly saves CPU and memory resources as the list of allowed behaviors is almost always smaller than is the case in a blacklist and therefore less work to scan through.

If improperly implemented, behavior whitelists can create vulnerabilities. Whitelisting is most effective where the number of required allowable functions are few and security requirements and accessibility are high. A blacklist used in this situation requires more set-up time and maintenance work to block the high volume of more varied behaviors. Blacklists also require more comprehensive and up-to-date knowledge of threats. Both methods must be implemented scrupulously to provide adequate security.

This was last updated in January 2017

Continue Reading About behavior whitelisting

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

SearchSecurity

  • password

    A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is...

  • adware

    Adware is any software application in which advertising banners are displayed while a program is running.

  • botnet

    A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things ...

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

  • mass notification system (MNS)

    A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

SearchStorage

  • data migration

    Data migration is the process of transferring data between data storage systems, data formats or computer systems.

  • compact disc (CD)

    A compact disc is a portable storage medium that can be used for recording, storing and playing back audio, video and other data ...

  • secondary storage

    Secondary storage is used to protect inactive data written from a primary storage array to a nonvolatile tier of disk, flash or ...

SearchSolidStateStorage

  • SSD RAID (solid-state drive RAID)

    SSD RAID (solid-state drive RAID) is a methodology commonly used to protect data by distributing redundant data blocks across ...

  • Tier 0

    Tier 0 (tier zero) is a level of data storage that is faster, and perhaps more expensive, than any other level in the storage ...

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close