Cybersecurity threats are ever-present, multiplying rapidly, and evolving continuously. Attack vectors can include email-based attacks (i.e., phishing), web-based attacks (i.e., Javascript, ActiveX), vulnerabilities in add-ons such as QuickTime or Adobe, non-web-based protocols, and social networks. With such an expanded threat surface, signature-based antivirus and current blacklisting strategies have difficulty keeping up with the sheer volume of malware on the internet.

Whitelisting addresses this challenge by flipping the defense model from a default allow to a default deny. While blacklisting techniques use signatures to maintain a list of entities to block, whitelisting creates a list of a few trusted entities to allow while blocking anything not on the whitelist.

Organizations use whitelisting techniques to help give them a different advantage against malicious attackers.

In many cases, more security can mean less flexibility and a burden on users. Organizations are therefore continuously having to balance between complex defense-in-depth strategies while meeting user needs for flexibility and ease of use.

External system requests are compared to a whitelist. Requests from entities on the whitelist are granted system access. Entities not on the whitelist are blocked.