I came across this post from John Pescatore today on his Gartner blog titled “Twelve Word Tuesday: I’d Start Over Again on Desktop Security,” and I couldn’t agree more. The evidence of the failure of blacklisting anti-virus can be found everywhere.
John makes a reference to the Government’s Cash for Clunkers program, and I think the analogy is an appropriate one. There are many desktop security companies that are heavily invested in the way things are today. Their recurring revenue model is based on subscriptions to a bloated blacklist. Their security solutions work on a find-and-clean model, not a preventative one. The likelihood that they will “start over” on security is slim to none; more likely they will keep trying to add a fresh coat of paint, change the tires and oil, and patch things together with new additions. The problem is the engine is broken and won’t last much longer.
The problem was evident again this month when we witnessed the largest theft of credit cards in history. Over 130 million credit cards were stolen by Albert Gonzalez and his accomplices using, in many cases, exploits that have been around for years. One of the primary exploits was a SQL injection attack against a vulnerability that has been fixed for some time and is definitely preventable.
This attack and the ongoing proliferation of botnets have led to a number of articles indicting everything from PCI DSS standards to overall security practices. A Forbes article last week, “Safeguarding Against Data Breaches,” looks to offer advice. It does a good job of describing the problem, but the solution falls short, oversimplifying a very difficult problem.
Sadly, advice is not enough. Too many attacks penetrate organizations that take security very seriously to think that this is a common sense and education issue, as the Forbes article suggests. Desktop security is broken, plain and simple. The problem lies in trying to create a known signature for every piece of malware and attack that might be out there. It’s simply not feasible anymore to identify an attack, create a signature, distribute it to customers and have the customers update their systems before the attack affects them.
This company was founded on the premise that desktop security needs to fundamentally change. It is far easier to define what is allowed to run on a computer and block everything else than it is to identify and prevent every known attack. Last month we outlined what we think needs to happen to transition organizations to a more rational approach to desktop security: application whitelisting.
- Protect – First we must baseline our systems to prevent any new infections
- Purify – We then transition into a process that cleans our existing systems of any residual malware
- Manage Change – A new approach to desktop security requires that people can still use their computer productively and allow for new and updated software
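The three phases above can be sketched as a default-deny policy. This is an added illustration, not code from this post or from any product: identifying software by SHA-256 hash is an assumption, and the file names and contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(root: Path) -> set:
    """Protect: allow exactly what is on disk now, so nothing new can run."""
    return {sha256_of(p) for p in root.rglob("*") if p.is_file()}


def may_execute(path: Path, allowlist: set) -> bool:
    """Default deny: content runs only if its hash is on the allowlist."""
    return sha256_of(path) in allowlist


def purify(path: Path, allowlist: set) -> None:
    """Purify: withdraw a baselined file that review found unwanted."""
    allowlist.discard(sha256_of(path))


def approve_change(path: Path, allowlist: set) -> None:
    """Manage Change: an authorized update adds the new version's hash."""
    allowlist.add(sha256_of(path))


def demo() -> dict:
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        editor, toolbar = root / "editor.exe", root / "toolbar.exe"
        editor.write_bytes(b"editor v1")     # wanted software
        toolbar.write_bytes(b"old toolbar")  # residual unwanted software
        allow = build_baseline(root)
        result["residual_allowed_at_baseline"] = may_execute(toolbar, allow)
        dropped = root / "dropped.exe"
        dropped.write_bytes(b"never seen before")  # arrives after the baseline
        result["new_file_allowed"] = may_execute(dropped, allow)
        purify(toolbar, allow)
        result["residual_allowed_after_purify"] = may_execute(toolbar, allow)
        editor.write_bytes(b"editor v2")     # an update changes the hash
        result["update_allowed_before_approval"] = may_execute(editor, allow)
        approve_change(editor, allow)
        result["update_allowed_after_approval"] = may_execute(editor, allow)
    return result


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {allowed}")
```

The file that arrives after the baseline is blocked without any signature for it, while the baseline alone still permits whatever was already present, which is why the Purify step exists.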
Next week we will be publishing the results of our Anti-Malware Survey of IT Professionals, and it is eye-opening to say the least.
In two weeks we are also hosting a webinar on the results with Aaron Goldberg, vice president and principal analyst for Ziff Davis Enterprise, and Diane Hagglund, founder and principal of Dimensional Research.
Toney, you are spot on in this post and CoreTrace is simply the right tool for the job. One comment I would make is with regard to the “Purify” phase. Not only should you purify to remove malware, but all unauthorized or unwanted software. Even some software that comes with the standard operating system should quite simply be turned off. If it doesn’t add value to the business, why leave it turned on?