Blacklisting is the most widely used approach in IT security to shield a network against threats. It is also the basic method behind common virus scanners, firewalls and intrusion detection systems (IDS). With this approach, known threats and their characteristics are analyzed and added to a blacklist. The security solution then compares current communication with the blacklist entries. If an identical entry is found, the communication is handled according to a predefined procedure. For example, known computer viruses are moved to quarantine, and non-permitted domains, contacts, or services are blocked.
Blacklisting has long been criticized because it can only clearly identify threats that are already known as such. Unknown, new or modified threats, on the other hand, are not detected and can easily enter the network. Investigations have also shown that the best firewalls reach a maximum hit rate of 95-97% for known threats. The residual risk is therefore very high. Other approaches to IT security are whitelisting and anomaly detection.
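The following added example (not part of the original text) runs the exact-match comparison described above over a few constructed events and sets a whitelist verdict beside it for the domain events. All hashes, domains and payloads are constructed sample values, and the function names are hypothetical.

```python
import hashlib

# Constructed sample data; nothing here comes from a real threat feed.
KNOWN_BAD_SAMPLE = b"constructed-sample-payload-v1"
BLACKLIST_HASHES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}
BLACKLIST_DOMAINS = {"bad.example"}
WHITELIST_DOMAINS = {"intranet.example", "updates.example"}


def normalize(domain):
    """Lower-case and drop a trailing dot so equal names compare equal."""
    return domain.lower().rstrip(".")


def blacklist_verdict(kind, value):
    """Blacklisting: act only when an identical entry is found."""
    if kind == "file":
        digest = hashlib.sha256(value).hexdigest()
        return "quarantine" if digest in BLACKLIST_HASHES else "allow"
    if kind == "domain":
        return "block" if normalize(value) in BLACKLIST_DOMAINS else "allow"
    raise ValueError(f"unknown event kind: {kind}")


def whitelist_verdict(domain):
    """Whitelisting: anything not explicitly permitted is blocked."""
    return "allow" if normalize(domain) in WHITELIST_DOMAINS else "block"


# Constructed events: a known sample, a modified variant of it, and
# three domains (listed as bad, unknown, explicitly permitted).
EVENTS = [
    ("file", KNOWN_BAD_SAMPLE),
    ("file", b"constructed-sample-payload-v2"),
    ("domain", "bad.example"),
    ("domain", "new-unlisted.example"),
    ("domain", "intranet.example"),
]


def compare(events):
    """Return (kind, blacklist verdict, whitelist verdict) per event."""
    rows = []
    for kind, value in events:
        wl = whitelist_verdict(value) if kind == "domain" else "n/a"
        rows.append((kind, blacklist_verdict(kind, value), wl))
    return rows


if __name__ == "__main__":
    for row in compare(EVENTS):
        print(row)
```

The second and fourth events are the residual risk: the modified variant and the unknown domain have no identical blacklist entry, so the blacklist lets them through, while the whitelist blocks the unknown domain by default.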