Jason Holcomb, from Digital Bond, recently attended a live implementation of CoreTrace’s award-winning BOUNCER application whitelisting product. He has a great post about his impressions on whitelisting in general, as well as his experience using BOUNCER on a control system server. His reaction?
“My overall impression: this is an elegant and effective solution to some of the security challenges we face with Windows servers and workstations in control systems.”
Jason hits on many of the reasons why application whitelisting has been so popular in the energy industry and why, more than ever, it is being used to protect critical SCADA and DCS systems as well as meet NERC CIP requirements.
He goes on to say:
“If you have NERC CIP responsibility, some light bulbs are probably going off about now. Can I deploy a product like Bouncer and not have to do AV updates and patches? The CEO of Encari (Matthew Luallen) and the Midwest-ISO chairman (Paul Feldman) make a case for meeting “both the spirit and letter of the law” in this whitepaper: Malicious Software Prevention for NERC CIP-007 Compliance. The case is pretty clear for anti-malware. For patching it may at least buy you some time as a compensating control.”
Our customers have been discovering that, for their control system and SCADA needs, application whitelisting is a more effective alternative to blacklist anti-virus and patching. Not only is it significantly cheaper and easier to protect your systems in this way, it doesn’t incur the significant performance penalty that comes from today’s anti-virus solutions.
We think that application whitelisting is starting to gain significant momentum as an alternative to blacklist anti-virus. Adoption is accelerating in the area of single-purpose machines like those in control systems, and whitelisting is also generating significant interest as a viable alternative in the enterprise. The bottom line is that existing endpoint security is simply so broken that people are actively seeking an alternative to the legacy systems they have in place.