CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 3 Change Management

This is the fourth and final post in a series introducing CoreTrace’s view of the inevitable transition that desktop security must make to a protection-focused application whitelisting solution and how that will happen practically. We believe that the recognition that traditional blacklist antivirus can no longer protect PCs has arrived and that it is time for IT and security professionals to discuss how a transition to a protective system can take place.

Of course, this will not happen overnight. There have been significant investments made in existing blacklist antivirus technology as well as in the operational processes that support it. These processes exist not only to update and manage blacklisting, but also to support the necessary ongoing updating of operating systems and applications that are vulnerable to new malware attacks. We believe that application whitelisting is the logical next evolution of desktop security and that there are three critical steps that will take place for an organization to adopt this technology. We have addressed the first two in previous posts:

  • Step 1 Protect – Organizations desperately need to implement a system that can protect their systems against zero-day attacks.
  • Step 2 Purify – Once their systems are protected, there will be a purification process that eventually cleans all existing systems of any infections, unauthorized software, or malware.

The third step, change management, is addressed in this post and has been the single biggest obstacle to widespread adoption of application whitelisting. Continue reading this post…

Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 2 Purify

This is the third post in a series addressing what we see as an inevitable, protection-focused transition to application whitelisting and how that should take place practically. The posts already up on our blog are:

  • Intro – Here we provide an overview of what is driving this transition.
  • Part 1 Protect – This post highlights the need for companies to consider immediately adding application whitelisting to protect their endpoints.

We think that the transition will take place in three logical steps. First, adding protection to existing systems. Second, purifying those systems of any remnants of malware over time. Finally, providing a strong change management process that will allow users to be productive and deal with the inevitable changes to approved applications while still ensuring the protection that application whitelisting affords.

This blog entry deals with cleaning of endpoints that have gone through the protection step of the process. Continue reading this post…

Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 1 Protect

The question of whether or not application whitelisting has an important role in the future of endpoint security is officially over. It does. Not only that, it is clear that legacy blacklist antivirus has lost the ability to provide any protection to endpoints and instead is relegated to an after-the-fact role geared at detecting infections and cleaning them up. I highlighted many of these trends toward application whitelisting and the changing role of antivirus in my intro to this series of blog posts. More evidence of this trend came yesterday when Symantec announced that they are adding application whitelisting capabilities into new reputation-based technology code-named Quorum. The bottom line in all of this is that if you are responsible for the endpoint security of your company’s PCs and you aren’t thinking about how whitelisting changes things, you should start now. Continue reading this post…

Beware Waledac Worm and Spam This 4th of July Weekend

Another kind of fireworks display may take place on the Internet this weekend. There is a large malware campaign targeted for this 4th of July weekend, 2009. CNET reports that computers infected by the Waledac worm are a part of a botnet that will begin distributing spam this weekend intending to get users to click on videos that will infect the PC with the malware and add it to the botnet.

The prevalence of this type of problem is more indicative than ever that blacklisting antivirus simply isn’t up to the task of preventing infection of PCs.

Endpoint Protection – A Case For a Rational Transition to Whitelisting: Intro

In the past couple of months, whitelisting has been in the news through multiple different avenues. We at CoreTrace feel that the rising awareness that blacklist-based antivirus simply can no longer protect PCs is passing a critical point—a point that is going to lead businesses and eventually consumers to a whitelisting model that can prevent infection, not just detect and clean up the infection after the fact. Here is a look at some key news around this area: Continue reading this post…