Each approach to security has its advantages and disadvantages. It may sound strange, but you need both. A typical business organization which uses a limited number of applications and knows about the users and network connections required for this application should follow a whitelisting approach. The next step is to combine this approach with blacklisting to ensure that if authorized users enter the network with a known threat, your network will still be protected. Of course, there is less of an administrative effort involved in blacklisting compared to whitelisting, and the difference increases with the size of the whitelist. You can take a whitelist approach for applications which can be opened from all over the world, such as banking web portals and online shopping carts.