Prevention of Ransomware Execution in Enterprise Environment on Windows OS: Assessment of Application Whitelisting Solutions
Title | Prevention of Ransomware Execution in Enterprise Environment on Windows OS: Assessment of Application Whitelisting Solutions |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Turaev, H., Zavarsky, P., Swar, B. |
Conference Name | 2018 1st International Conference on Data Intelligence and Security (ICDIS) |
Date Published | April |
ISBN Number | 978-1-5386-5762-1 |
Keywords | administrative privileges, application control solutions, application whitelisting software, Application Whitelisting Solutions, AppLocker, authorisation, blacklisting, business data processing, CodeShield, composability, cryptography, data breach prevention, Databases, enterprise environment, invasive software, malicious files, Malware, Metrics, Microsoft Windows (operating systems), Organizations, pubcrawl, ransomware, ransomware execution prevention, Resiliency, SecureAPlus, Signature based, Trusted Computing, unauthorized applications, virtual environment, VoodooShield, whitelisting, Windows edition, Windows Operating System Security, Windows OS, Windows Server edition, zero-day antimalware solution |
Abstract | Application whitelisting software allows only examined and trusted applications to run on a user's machine. Since many malicious files don't require administrative privileges in order for them to be executed, whitelisting can be the only way to block the execution of unauthorized applications in an enterprise environment and thus prevent infection or data breach. In order to assess the current state of such solutions, the access to three whitelisting solution licenses was obtained with the purpose to test their effectiveness against different modern types of ransomware found in the wild. To conduct this study, a virtual environment was used with Windows Server and Enterprise editions installed. The objective of this paper is not to evaluate each vendor or make recommendations of purchasing specific software but rather to assess the ability of application control solutions to block execution of ransomware files, as well as assess the potential for future research. The results of the research show the promise and effectiveness of whitelisting solutions. |
URL | https://ieeexplore.ieee.org/document/8367748 |
DOI | 10.1109/ICDIS.2018.00024 |
Citation Key | turaev_prevention_2018 |