We are having a great week where we are seeing more evidence than ever for the value of application whitelisting in providing both endpoint protection and application control. Earlier this week we met with Gartner analyst Neil MacDonald and got his perspective on the future of application whitelisting. He had many good insights about the state of the industry and we particularly agreed with his perspective on the importance of “trusted change” to the success of any application whitelisting solution. Continue reading this post…
Application Whitelisting Gaining Momentum for Endpoint Protection
Time For an Update of PCI Antivirus Requirements: Take a lesson from NERC CIP
PCI requirements have come under scrutiny lately. A number of high profile security incidents resulting in the exposure of hundreds of thousands of credit cards have, fairly or unfairly, brought attention to the companies who suffered these attacks and yet were PCI compliant at the time. The highest profile incident was that of Network Solutions where over a half a million credit cards were compromised.
The culprit? Unauthorized code on their servers resulted in the exposure of the credit card data. Despite the protections employed to protect the card data on servers, they were done in by simple malware on a system in their infrastructure.
Evidence Abounds of the Failure of Blacklist Antivirus
The most recent piece of evidence comes courtesy of the 2009 Black Hat conference going on right now in Las Vegas. MX Logic reports from this year’s conference that a new trojan called “Clampi” is being used for highly sophisticated identity theft. The researcher cited from SecureWorks claims that hundreds of thousands of PCs have already been infected. Continue reading this post…
Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 3 Change Management
This is the fourth and final post in a series introducing CoreTrace’s view of the inevitable transition that desktop security must make to a protection focused, application whitelisting solution and how that will happen practically. We believe that the recognition that traditional blacklist antivirus can no longer protect PCs has arrived and that it is time for IT and security professionals to discuss how a transition to a protective system can take place.
Of course this will not happen overnight. There have been significant investments made in existing blacklist antivirus technology as well as the operational processes to support this technology. These processes exist not only to update and manage blacklisting, but also support the necessary ongoing updating of operating systems and applications that are vulnerable to new malware attacks. We believe that application whitelisting is the logical next evolution of desktop security and that there are three critical steps that will take place for an organization to adopt this technology. We have addressed the first two in previous posts:
- Step 1 Protect – Organizations desperately need to implement a system that can protect their systems against zero day attacks.
- Step 2 Purify – Once their systems are protected, there will be a purification process that eventually cleans all existing systems of any infections, unauthorized software, or malware.
The third step, change management, is addressed in this post and has been the single biggest obstacle to widespread adoption of application whitelisting. Continue reading this post…
Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 2 Purify
This is the third post in a series addressing what we see as an inevitable, protection focused, transition to application whitelisting and how that should take place practically. The posts already up on our blog are:
- Intro – Here we provide an overview of what is driving this transition.
- Part 1 Protect – This post highlights the need for companies to consider immediately adding application whitelisting to protect their endpoints.
We think that the transition will take place in three logical steps. First, adding protection to existing systems. Second, purifying those systems of any remnants of malware over time. Finally, providing a strong change management process that will allow users to be productive and deal with the inevitable changes to approved applications while still ensuring the protection that application whitelisting affords.
This blog entry deals with cleaning of endpoints that have gone through the protection step of the process. Continue reading this post…