CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Application whitelisting and the importance of trusted change

Traditional endpoint security based on patching and after-the-fact antivirus blacklisting is nearing the end of its useful life. It has been in the news for much of 2009 and has been the subject of many of my own posts. For a sampling of this topic, check out any of the following posts:

That, however, is not the topic of today’s post. Today I want to talk about application whitelisting as a complement to, or alternative for, antivirus, and about the importance of managing additions and updates to legitimate applications with the least amount of operational friction.

Time to Start Over on Desktop Security

I came across this post from John Pescatore today on his Gartner blog, titled “Twelve Word Tuesday: I’d Start Over Again on Desktop Security”, and I couldn’t agree more. The evidence of the failure of blacklisting anti-virus can be found everywhere.

John makes a reference to the Government’s Cash for Clunkers program, and I think the analogy is an appropriate one. There are many desktop security companies that are heavily invested in the way things are today. Their recurring revenue model is based on subscriptions to a bloated blacklist. Their security solutions work on a find-and-clean model and not a preventative model. The likelihood that they will “start over” on security is slim to none; more likely they will keep trying to add a fresh coat of paint, change the tires and oil, and patch things together with new additions. The problem is the engine is broken and won’t last much longer.

Evidence Abounds of the Failure of Blacklist Antivirus

The most recent piece of evidence comes courtesy of the 2009 Black Hat conference going on right now in Las Vegas. MX Logic reports from this year’s conference that a new trojan called “Clampi” is being used for highly sophisticated identity theft. The researcher cited from SecureWorks claims that hundreds of thousands of PCs have already been infected.

NERC CSO Michael Assante Testifies Before Congress About Cyber Attacks

This week Michael Assante, the Chief Security Officer (CSO) for the North American Electric Reliability Corporation (NERC), testified before Congress about the threats facing the modern electric grid. The focus of this testimony in particular was the readiness of the systems comprising the electric grid to defend themselves against cyber attacks. At the beginning of his testimony, Mr. Assante called out the unique aspect of the dangers posed by a cyber attack and why that was so concerning to him.

“Unlike other concerns, such as extreme weather, security-related threats can be driven by malicious actors who intentionally manipulate or disrupt normal operations as part of a premeditated design to cause damage. Cyber-related threats pose a special set of concerns in that they can arise virtually anytime, anywhere and change and emerge without warning.”

Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 3 Change Management

This is the fourth and final post in a series introducing CoreTrace’s view of the inevitable transition that desktop security must make to a protection-focused, application whitelisting solution and how that will happen practically. We believe that the recognition that traditional blacklist antivirus can no longer protect PCs has arrived and that it is time for IT and security professionals to discuss how a transition to a protective system can take place.

Of course this will not happen overnight. There have been significant investments made in existing blacklist antivirus technology as well as in the operational processes to support this technology. These processes exist not only to update and manage blacklisting, but also to support the necessary ongoing updating of operating systems and applications that are vulnerable to new malware attacks. We believe that application whitelisting is the logical next evolution of desktop security and that there are three critical steps that will take place for an organization to adopt this technology. We have addressed the first two in previous posts:

  • Step 1 Protect – Organizations desperately need to implement a system that can protect their systems against zero day attacks.
  • Step 2 Purify – Once their systems are protected, there will be a purification process that eventually cleans all existing systems of any infections, unauthorized software, or malware.

The third step, change management, is addressed in this post and has been the single biggest obstacle to widespread adoption of application whitelisting.