Much has already been written about the impact of Operation Aurora on the threat landscape. The international attacks on some of the world’s leading Internet companies reminded us once again of the vulnerabilities within interconnected networks that can be accessed from virtually anywhere in the world.
These attacks also illustrate the growing need for, and strength of, application whitelisting solutions. As Aurora first gained access by attacking an endpoint within Google’s network to trick a user into installing malware, even leading antivirus software designed to detect such viruses and malicious code couldn’t stop it from running within the network.
There couldn’t be a better illustration of the reactive nature of patching and antivirus. In order to defend our IT resources we must move to an endpoint security tool that both protects against attacks we have never seen and makes up for security deficiencies in software that can lead to vulnerabilities. In this, the outcry has been against Internet Explorer, but these types of attacks aren’t unique to one application or vendor as long as our endpoint security remains reliant on after the fact detection of weaknesses, patching, and signatures. We posted a blog on this topic last week titled: “The French and German governments agree… And they are both wrong” that has generated a lot of discussion between security professionals.
This is where application whitelisting fills the gaps of other endpoint security tools. With traditional AV technologies constantly playing catch-up with new and more complex forms of Web-based malware, whitelisting shuts the door on any unauthorized application from launching in the first place. Along with its industry-wide and political ramifications, Operation Aurora is yet another example of why application whitelisting is becoming a critical component of any endpoint security strategy.