In a major step forward for application whitelisting as an important control to meet compliance guidelines, the PCI Security Standards Council has put out the following guideline adjustment regarding the addressing malware.
“The Council is looking for equivalent controls that address malware and all types of threats referenced in Requirement 5, which are often found in traditional anti-virus solutions. If another type of solution (application whitelisting, for example) addresses the identical threats with a different methodology than a signature-based approach, it may still be acceptable to meet the requirement.” ( Read More… )
Traditional endpoint security based on patching and after the fact antivirus blacklisting is drawing to a conclusion of its useful life. It’s a topic that has been in the news much of 2009 and has comprised the topic of many of my own posts. For a sampling of this topic check out any of the following posts:
That, however, is not the topic of today’s post. Today I want to talk about application whitelisting as a compliment to, or alternative for, antivirus and the importance of managing additions and updates to legitimate applications – with the least amount of operational friction. ( Read More… )
Please join Paul Roberts, senior analyst of enterprise security at The 451 Group, for a completely new look at Application Whitelisting in his webinar entitled “What Are The Real Benefits of Application Whitelisting: Security, Operations, Compliance?”
The webinar, sponsored by CoreTrace, will be held on October 27th at 2:00 p.m. EDT/11:00 a.m. PDT. ( Read More… )
More companies than ever are looking at alternatives to blacklist antivirus. It isn’t hard to see why. Rampant botnets, endless patching, and signature distribution that simply can’t keep up with the threat are just a few of the reasons why IT and security professionals are looking for viable alternatives to protect their endpoints. Even Gartner group has said it is time to start over on desktop security. ( Read More… )
Tomorrow Microsoft will release an operating system patch that represents the largest number of system fixes in Microsoft history. PCWorld gave the details in a post updated yesterday:
Microsoft says it will deliver its largest-ever number of security updates on Tuesday to fix flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and the enterprise-grade Forefront Security client software. ( Read More… )