Earlier this week, Toney Jennings wrote about step two in the rational transition to application whitelisting: the purification stage. Today we announced another step in that stage: a collaboration with SignaCert, the provider of the largest known-provenance whitelist repository in the world, SignaCert’s Global Trust Repository (GTR).
As has been stated in other blog postings, we see an inevitable, protection focused, transition to application whitelisting. We think that the transition will take place in three logical steps. First, adding protection to existing systems. Second, purifying those systems of any remnants of malware over time. Finally, providing a strong change management process that will allow users to be productive and deal with the inevitable changes to approved applications while still ensuring the protection that application whitelisting affords.
In order to protect existing systems against new threats that emerge every day, we believe businesses should implement a solution that automatically creates and then enforces a perfectly tailored whitelist for each computer. We feel the best way to accomplish this goal is through the use of a dynamic whitelist that is created for each individual PC that whitelists all current executables and protects the system from any unauthorized changes to that list. That is how BOUNCER by CoreTrace secures systems in a matter of minutes.
After the systems have been secured, we believe they should undergo an offline purification process that does not burden the resources of the protected computers. CoreTrace is committed to exploring and creating a variety of options that can assist in that purification process. As Toney mentioned in his blog, the process may eventually include some combination of blacklists, whitelists like GTR, and other advanced analytical tools. CoreTrace is working with SignaCert to validate market-driven requirements for the purification stage and to determine how GTR could help BOUNCER customers transition from a protected system to an ultimately clean endpoint.
Of the whitelists that are in the market, we were more comfortable with the quality model of SignaCert’s GTR than the quantity model of the mega-whitelists that cannot possibly be vetted and are more likely to be poisoned. Moving forward we will be exploring many ways that our companies can work together, not the least of which is raising awareness of application whitelisting as the future of endpoint protection.