Whitelisting technology works to ensure that only authorized executable code can run on endpoint systems. The software can give system administrators more control over the applications that can be installed and run by users.
Some security experts say that maintaining whitelists of authorized programs is difficult to manage, but security vendors point out that the technology has improved, giving administrators the ability to approve the most popular software based on the organization's risk profile.
At a high level, the software can alert on every executable that arrives on endpoint systems and bar them from running. Security experts say this prevents malware from targeting open software vulnerabilities. The technology also can monitor the underlying system processes for suspicious activity. The latest systems are integrated with network security appliances that have file analysis capabilities to examine suspicious file behavior.