CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Evidence Abounds of the Failure of Blacklist Antivirus

The most recent piece of evidence comes courtesy of the 2009 Black Hat conference going on right now in Las Vegas. MX Logic reports from this year’s conference that a new trojan called “Clampi” is being used for highly sophisticated identity theft. The researcher cited from SecureWorks claims that hundreds of thousands of PCs have already been infected.


NERC CSO Michael Assante Testifies Before Congress About Cyber Attacks

This week Michael Assante, the Chief Security Officer (CSO) for the North American Electric Reliability Corporation (NERC), testified before Congress about the threats facing the modern electric grid. The focus of this testimony in particular was the readiness of the systems comprising the electric grid to defend themselves against cyber attacks. At the beginning of his testimony, Mr. Assante called out the unique aspect of the dangers posed by a cyber attack and why that was so concerning to him.

“Unlike other concerns, such as extreme weather, security-related threats can be driven by malicious actors who intentionally manipulate or disrupt normal operations as part of a premeditated design to cause damage. Cyber-related threats pose a special set of concerns in that they can arise virtually anytime, anywhere and change and emerge without warning.”


Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 3 Change Management

This is the fourth and final post in a series introducing CoreTrace’s view of the inevitable transition that desktop security must make to a protection-focused application whitelisting solution, and how that will happen practically. We believe that the recognition that traditional blacklist antivirus can no longer protect PCs has arrived and that it is time for IT and security professionals to discuss how a transition to a protective system can take place.

Of course this will not happen overnight. There have been significant investments made in existing blacklist antivirus technology as well as the operational processes to support this technology. These processes exist not only to update and manage blacklisting, but also to support the necessary ongoing updating of operating systems and applications that are vulnerable to new malware attacks. We believe that application whitelisting is the logical next evolution of desktop security and that there are three critical steps that will take place for an organization to adopt this technology. We have addressed the first two in previous posts:

  • Step 1 Protect – Organizations desperately need to implement a system that can protect their systems against zero day attacks.
  • Step 2 Purify – Once their systems are protected, there will be a purification process that eventually cleans all existing systems of any infections, unauthorized software, or malware.

The third step, change management, is addressed in this post and has been the single biggest obstacle to widespread adoption of application whitelisting.


Collaboration with SignaCert: One Potential Avenue In The Purification Process

Earlier this week, Toney Jennings wrote about step two in the rational transition to application whitelisting: the purification stage. Today we announced another step in that stage: a collaboration with SignaCert, the provider of the largest known-provenance whitelist repository in the world, SignaCert’s Global Trust Repository (GTR).


Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 2 Purify

This is the third post in a series addressing what we see as an inevitable, protection-focused transition to application whitelisting and how that should take place practically. The posts already up on our blog are:

  • Intro – Here we provide an overview of what is driving this transition.
  • Part 1 Protect – This post highlights the need for companies to consider immediately adding application whitelisting to protect their endpoints.

We think that the transition will take place in three logical steps. First, adding protection to existing systems. Second, purifying those systems of any remnants of malware over time. Finally, providing a strong change management process that will allow users to be productive and deal with the inevitable changes to approved applications while still ensuring the protection that application whitelisting affords.

This blog entry deals with cleaning of endpoints that have gone through the protection step of the process.
